Google has conducted a study to compare the best online safety practices of regular users to the ones of security experts.
The Internet is full of advice on how users can protect themselves against potential cyber threats. However, it appears that many regular users have not properly prioritized their security practices.
The study, based on the responses of 231 security experts and 294 non-experts, shows that there is a big discrepancy in the security practices each of these categories follow.
For example, security experts have named software updates as the top online safety practice. In contrast, regular users don’t consider software updates a priority when it comes to online safety. Non-experts don’t clearly understand how effective updates are, and some users even believe they are risky because they could contain bugs or hide malicious software.
The top online safety practice named by non-experts is the use of antivirus software. While experts acknowledge the benefits of using antiviruses, they believe such software gives users a false sense of security.
Regular users also focus on using strong passwords, changing passwords frequently, only visiting trusted websites, and not sharing personal information. Experts on the other hand have named unique passwords, two-factor authentication, strong passwords, and password managers as their top security practices.
While both categories agree that careful password management is important, they take different approaches. Security experts are highly confident in password managers — 73 percent of those who took part in Google’s survey use them for at least some accounts. On the other hand, only less than a quarter of regular users rely on them to generate and store passwords. One of the reasons non-experts don’t use password managers is because they don’t trust such applications, Google has found.
“I try to remember my passwords because no one can hack my mind,” one non-expert argued.
According to Google, the study shows there is clearly room for improvement when it comes to teaching regular users how to stay safe on the Internet.
“Our findings highlight fundamental misunderstandings about basic online security practices. Software updates, for example, are the seatbelts of online security; they make you safer, period. And yet, many non-experts not only overlook these as a best practice, but also mistakenly worry that software updates are a security risk,” Google researchers said in a blog post.
“No practice on either list—expert or non-expert—makes users less secure. But, there is clearly room to improve how security best practices are prioritized and communicated to the vast majority of (non expert) users,” they added.
The complete research paper, titled “…no one can hack my mind: Comparing Expert and Non-Expert Security Practices,” is available online.