It’s Cybersecurity Awareness Month. Since 2005, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been promoting October as a dedicated month to reminding us all about the importance of sound cyber practices.
At W2 Communications, we live and breathe cybersecurity every day in service to our many clients in this space. But we realize not everyone has this heightened awareness about being safe online. Since we also understand the value of research, we thought we’d poll some average Americans to see how much cyber is on their minds, and how their typical digital behaviors might or might not be influenced by cyber concerns.
In an October 2022 survey of about 300 people across various age groups, income levels and geographic regions, we learned that regular folks are paying attention to cyber threats, but there is plenty of risky behavior still to be found.
Over Half of Respondents Were Recently Attacked
As with most things, personal experience resonates. While we asked this question last so as not to bias responses to other questions, 54% of respondents admitted that they or someone in their family/close circle of friends were the victim of a cyber attack within the last 12 months. That corresponds to the 53% of respondents who said they are very or extremely concerned about cybersecurity.
Speed and Convenience Lead to Vulnerabilities
Just over half (55%) of respondents usually or always use multi-factor authentication when it’s offered for online banking or other sensitive transactions. That leaves a sizeable 45% who don’t. Given that only 38% of respondents say they always verify the sender of links or email attachments before clicking (perhaps they were previously victimized by a ransomware or phishing attack?), and another 28% say they usually do, that leaves 34% at higher risk. It only takes one slip-up for an attacker to get through; so when declining to use multi-factor authentication, it’s extra important to verify that the link or site you’re using is legitimate. What’s more, 58% use the same password for multiple online accounts, increasing their exposure should a threat actor obtain even one password.
Mixing Work and Personal Use Exposes Employers
Of people who are able to work from home at least sometimes, 66% say they use the same laptop or computer for business and personal purposes. Interestingly, 68% say they have never let anyone else use their work-issued laptop or mobile device. This could reflect an employer expectation that workers use their personal assets when performing work at home (the BYOD model), or perhaps that employees are more likely to use their employer-owned device for personal use—such as many people do to shop for holiday deals on Cyber Monday. Regardless of the reason, the behavior increases risk for employers whose networks, applications and data are being remotely accessed.
Weakening Our Own Defenses
Public Wi-Fi, commonly available in coffee shops, airports, shopping malls and many other places, is certainly convenient, especially when it is free to use. We’ve come to expect it, as we do electricity and water. But threats can lurk in public networks accessed by so many anonymous users—from rogue networks and network snooping to session hijacking, malware, viruses and more. Despite the known risks, 48.5% of respondents say use public Wi-Fi always, usually or sometimes. And 60% say they never, rarely or only sometimes install vendor-provided updates to apps on their mobile. That increases the chances of threats lurking in public networks successfully exploiting known vulnerabilities on individuals’ devices that could otherwise be prevented.
A whopping 95% of our respondents completed this survey on their mobile device. Clearly, they are used to using smart phones and likely use their devices for many things. While progress in taking cautionary steps to protect their digital lives is slowly increasing in recent years, this very current data shows there is still quite a ways to go.
We encourage everyone to remain mindful of the cyber threats we all face, and consider shifting a few behaviors that can go a long way toward staying safe online.