Despite high-profile headlines about companies such as Facebook and Google abusing consumers’ personal information, it turns out that the average American is still not implementing a full cadre of best practices for keeping data safe.
According to survey findings from research released at the RSA Conference 2019 on Tuesday, data privacy is a top concern for most people; out of 4,000 participants queried from January 14 to February 15, a vast majority (96 percent) of said that they care about their privacy (including most Millennials at more than 93 percent); and 93 percent said they use security software.
Also, few of them trust the companies they interact with the most on the internet to maintain it the right way. No surprise there, given the headlines; Facebook’s Cambridge Analytica scandal and revelations of companies using data-chugging mobile apps to track user behavior and preferences.
No Trust in Tech Giants
Meanwhile, the survey found that users distrust tech giants; very few for instance have confidence in social media’s ability to protect personal data. A full 94 percent said that they refrain from sharing personal information on social media, and 95 percent of polled users felt an overall sense of distrust for social-media networks.
“We observed an average score of 0.6, out of 5, meaning that users barely trust social media, if at all, to protect their data,” the report found. “Baby Boomers are the most distrustful (96 percent) generation of social media when it comes to protecting their data, followed by Gen Xers (94 percent), Gen Z (93 percent), and Millennials (92 percent).”
When it comes to search engines, users were slightly more confident – but not by much.
“Amongst the generations, not many Baby Boomers distrust search engines (57 percent) compared to Gen Xers (65 percent), Millennials (64 percent) and Gen Z (75 percent),” according the report’s author Malwarebytes Labs. “If given the option to choose the lesser evil, they’d rather forgo using social media than search engines.”
The results also showed that consumers are not confident in general about sharing their personally identifiable information (PII) online. Baby Boomers are the most conscious (almost 88 percent) when it comes to seeking data privacy at work and at home.
However, respondents across generations who are confident in disclosing information are most likely to share their contact details, card details, and banking and health-related data with specific sites.
Yet the survey found that consumers are falling short when it comes to implementing security practices.
Lagging Security Practices
Regarding respondents’ confidence in their own privacy and security practices, the survey found that they believe themselves safe, because the majority are adopting obvious security practices.
These include running updates regularly, verifying that websites are secure before making a purchase, and refraining from posting sensitive personal information on social media. The most common measures being implemented were the use of security software such as antivirus, and being cautious about what information is being posted online.
However, users did not follow through with some of the more difficult and cumbersome best practices for data privacy. For instance, only 32 percent said that they read privacy policies and End User License Agreements (EULAs) (and 66 percent say they simply skim through or do not read EULA or other consent forms at all).
“The EULA document is usually incredibly long and full of technical and legal jargon,” according to the report. “That is where the developers of potentially unwanted programs (and totally unwanted programs) hide agreements to sell your data to third parties or install additional software without your knowledge.”
Also, only 47 percent know which permissions their apps have. And, a little more than 53 percent use password managers.
Concerningly, 29 percent of those polled said they’re using the same password for multiple sites.
“Millennials are much worse at this practice—37 percent reuse passwords,” the study noted. “This kind of behavior is what criminals want users to do. It makes it easy to steal the credentials from one source and use them elsewhere.”
For all Threatpost’s RSA Conference 2019 coverage, please visit our special coverage section, available here.