The most serious security risk facing business and personal Internet users does not come from technical security flaws in software or websites. Such flaws are all too common, but they can be protected against.
According to one extensive study, the most serious security risk is that most people are lax in their security practices. Even people who have already been personal victims of hacker exploits continue to be careless about their security.
As Greg Gazin reports at Troy Media, that is the word from Siber Systems, a software productivity tool developer. One of its offerings is a password manager, a project that led the company to conduct a study of security habits among more than 700 adults in North America and Western Europe.
These users' habits were not good. This is the case even though nearly a third of them have had a fraudulent experience with an online account. Out of those victims, more than half had their email hacked. More than a quarter have been hit by a social-media account breach, and nearly a quarter have experienced a security breach in an online shopping account.
Even after these alarming experiences, nearly four out of five (79.2 percent, to be exact) of those affected still use sites linked to a compromised account. A hefty majority of all participants in the study, 60 percent, took for granted that online businesses are careless about customer security.
Mostly, however, users just don't seem to care. They regard security as the responsibility of online companies – and distrust the companies. Yet they keep using them, while taking no additional precautions.
An indicative tidbit: another strong majority of participants, 57 percent, regard Facebook as their least trusted site. That does not keep them from continuing to put their personal lives on Facebook.
The Siber Systems report is just one study, though an extensive one. But a host of other evidence points in the same direction. Password lists have been hacked and placed on the open Internet. These reveal how easy most passwords are to break: passwords such as "12345" and "password" remain all too common. And even after the hacking, all too many people don't change their passwords.
Good basic security protections are available, starting with simple tricks for creating passwords that are easy to remember but hard to guess. Many online firms now offer dual authentication (which too many users reject as "too complicated").
Taking basic security precautions needs to become a habit. This is the real point of our emphasis on security policy – once a policy is implemented it soon becomes a regular practice, hardly different from locking your door when you leave.