Even with an excess of advice on online best security practices, experts in the field and regular users implement different strategies to cope with cyber threats, and not all adequately keep devices protected.
Cybersecurity experts, for instance, say they primarily install software updates to stay safe online, whereas non-expert users prefer to rely on antivirus software. A new Google study, “'…no one can hack my mind': Comparing Expert and Non-Expert Security Practices,” surveyed 231 security experts, or people with at least five years of experience working in or studying computer security, and 294 “non-experts,” recruited through Amazon's MTurk work marketplace.
After installing software updates, experts ranked creating a unique password, implementing two-factor authentication, having strong passwords and using a password manager as their top security practices. Non-experts, however, said after using antivirus software, they relied on strong passwords, changed their passwords frequently, only visited familiar websites and didn't share personal information.
Clearly, both sides don't exactly line up.
“Our findings highlight fundamental misunderstandings about basic online security practices,” a Google blog post stated. “Software updates, for example, are the seatbelts of online security; they make you safer, period. And yet, many non-experts not only overlook these as a best practice, but also mistakenly worry that software updates are a security risk.”
Regular users suggested these updates could install malicious software, specifically for automatic uploads. Some experts agreed saying that update dialogs could be spoofed if automatic updates weren't enabled.
Opinions on antivirus (AV) differed greatly with 85 percent of non-experts saying they use the software on their personal computers, as opposed to 62 percent of experts.
The tech company attributes regular users' preference for AV to its single install process.
That said, both sects agreed passwords required extra security, albeit in different ways.
Whereas 73 percent of experts used a password manager, only 24 percent of non-experts did, too. The researchers attributed this to a “lack of education” on the benefits of password managers and a perceived lack of trust in the programs.
“There is clearly room to improve how security best practices are prioritized and communicated to the vast majority of (non-expert) users,” Google wrote.