A key to having better security is having an understanding of what in fact is not secure and what activities can lead to risk.
When it comes to cyber-security, a study released on Dec. 19 by Symantec's Norton LifeLock found that there are many myths that American believe that simply are not factually accurate. Among the high-level findings in the report is that 53 percent of Americans don’t know that their personal information is not protected even if they enable privacy settings on the websites, apps and social media sites they use.
"It’s important for Americans to understand that once their information is shared online, there's no guarantee it will be protected even if they enable privacy settings," Paige Hanson, chief of identity education at Norton LifeLock, told eWEEK. "In the past year, we’ve seen millions of people’s data and personal information compromised in data breaches—in the instance of Cambridge Analytica, the majority of individuals were victims because of their friends who downloaded the app This is Your Digital Life."
Hanson added that it's also possible to become a victim of your online friends. She noted that Norton LifeLock has found that identity theft is commonly committed by someone who knows the victims and they're often able to gather their details from online profiles.
One of the cyber-security myths uncovered by the report—which 13 percent of Americans believe—is that a locked phone prevents attackers from gaining access to data. While having a locked phone is helpful, the report points out that data is still replicated and stored in the cloud, which could leave data at risk if an attacker is able to gain access via social engineering or an exploit.
Another myth that is detailed in the report concerns paying ransomware attackers. In a ransomware attack, malware encrypts user data and prevents access, with the attacker demanding a “ransom” from the user in order to decrypt the data. The study reported that 35 percent of Americans did not know that paying the ransomware demand will not guarantee that they will get their data back. Norton LifeLock recommends that users make sure they are backing up data regularly to help mitigate the risk of data loss from a ransomware attack.
The report also found differences in how various age groups look at different types of security concerns. Hanson said she was quite surprised to see the discrepancy between Millennials and Gen-Z compared to seniors.
"It’s a cliché that older Americans don’t understand the uses and implications of today’s technologies, and as a result, many may assume they’re the most vulnerable when it comes to cyber-security," she said. "But there’s clearly a gap in cyber-literacy when it comes to Millennials and Gen-Z, which one could argue is more concerning given how connected they are."
The survey found that 27 percent of younger Americans believe it's safe to send personal information through email if they have a strong password, compared to only 6 percent of seniors, Hanson said. Additionally, 37 percent of younger Americans believe freezing their credit after a data breach prevents their identity from being stolen, compared to only 20 percent of seniors. The report notes that while having a credit freeze can be helpful after a data breach, it doesn't protect existing financial accounts or prevent attackers from filing fake tax returns, which is why identity theft protection services should also be considered.
Why Cyber Myths Persist
There are a number of reasons why Americans of all ages continue to engage in online activities that might be considered cyber-security risks. Hanson commented that staying safe online and protecting personal information can seem overwhelming.
"Consumers are aware of threats to their online data and privacy, but they don’t always seem motivated to take action," she said. "It’s likely a combination of not prioritizing and needing additional education on the tools that are available to make it easier for them to be safe."
Looking forward, Hanson is hopeful that cyber-security awareness will change and improve in 2019. She noted that there are multiple tools available that can help improve user security. For example, using a VPN while on public WiFi can help reduce risk. Additionally, Hanson recommends the individuals make sure they’re not sharing more information than they’re comfortable with online and sharing with friends only, instead of friends of friends. She also recommends that individuals deactivate location settings instead of allowing automatic geotags, and continually review and actively manage social media friends lists.
"If we all can assess our risk with each post, with each app, and each way we access social media, we will all be safer," she said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.