Online security should be an ongoing concern for all Internet users, especially if you make purchases or do any sort of banking online. Credit card numbers, banking credentials and personal identities are just a few of the types of personal data at risk on the Internet. Popular security advice often recommends using anti-virus/anti-malware and firewall software, using a recent operating system (such as Microsoft’s Windows 10®, Apple’s OS X® 10.11 “El Capitan” or one of the many versions of Linux such as Canonical’s Ubuntu®) and an up-to-date version of a browser (Chrome, Firefox, Internet Explorer, Opera and others), as well as adding to the browser’s security with additional, free plug-in extensions.
This past July, three researchers at Google (Iulia Ion, Rob Reeder and Sunny Consolvo) published on Google’s Online Security Blog a summary of their research paper, which looked at differing online security practices between two groups; the paper is titled “‘…no one can hack my mind’: Comparing Expert and Non-Expert Security Practices”. It was presented at the Symposium on Usable Privacy and Security. The paper analyzed the results of two surveys, the first with 231 security experts and the second with 294 web users who are not security experts, in which each group was asked what actions they take for Internet security. Comparing the surveys’ results highlighted both similar and different approaches to personal online security.
The study found that both groups used strong passwords but that experts often used unique passwords in conjunction with a password manager. A password manager is software that helps a user store and organize online passwords for multiple websites. Password managers store and heavily encrypt passwords and require the user to create a master password to access their other passwords. Because the password manager remembers each password, every one can be as long, complex and unique as the user wants without the user having to remember it.
The experts also installed software updates regularly, which is important if a piece of software has been found to have a vulnerability and requires an update to ensure that it’s secure.
Experts also use two-factor authentication. An example of two-factor authentication is when money is withdrawn from an automated teller machine. A user’s account can be accessed and funds withdrawn only by combining a bank card that the user possesses with a personal identification number that only the user knows; without these two pieces of information the transaction cannot be carried out. Online, two-factor authentication may consist of inputting a user name and password into a site, then waiting for an additional passcode to be sent to the user’s email address or texted to their cellphone. The user then has to input the additional code they have received to get access to their account.
Security experts also advise on how to mitigate the destructive effects of successful cyber breaches. Consequently, many companies are increasing their investment in cyber insurance due to increasing breach risks—if cyber attacks cannot always be fended off then at least their effects can be covered under a policy. To understand more about cyber insurance, see The Future of Cyber Insurance.
The study summary may be read here. What do you do for online security? Let us know below!