
Expert online security practices differ from regular users - here's why

Searching for something as simple as 'best security practices' can take you down a huge rabbit hole of information that is hard to digest for some and repetitive and mundane for others. If you're serious about keeping your computer and information safe online, though, Google's new research paper, “...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices, gives a comprehensive breakdown of how the security mentality of experts differs from that of non-experts.

Here's a quick rundown of the top five security practices from each group, brought to you by the Google Online Security Blog:

 

Non-Experts' Top Online Safety Practices

  • Use Antivirus Software

  • Use Strong Passwords

  • Change Passwords Frequently

  • Only Visit Websites They Know

  • Don't Share Personal Information

 

Experts' Top Online Safety Practices

  • Install Software Updates

  • Use Unique Passwords

  • Use Two-Factor Authentication

  • Use Strong Passwords

  • Use a Password Manager

 

Right from the start we see some similarities between the two groups, mainly in the password strength department. Using unique/strong passwords is definitely one of the more typical security measures, as everyone tries to protect their emails, banking information and other logins with a long string of characters that normally includes numbers, capital and lower case letters and other characters like an exclamation mark, number symbol or money sign.

While having a hard-to-guess password comes as no surprise to anyone, we do see some differences: experts favor software updates, two-factor authentication and password managers, whereas regular users favor protecting a PC with antivirus software, only visiting known websites and not sharing personal information. The lists differ in these areas not only in priority but also in recognition. But why is that? Why are non-experts averse to installing software updates but keen on antivirus software? Why would experts use a password manager to store sensitive information in a program that could easily be hacked or held in a database of a potentially untrustworthy source? Here are some short tidbits from Google's research findings.

On installing software updates:

"They found three main reasons why participants in their study did not install updates: participants found security updates often bundled with other undesirable features, they had difficulty assessing the value of an update, and they were confused about why updates were needed."

"Installing updates was also the security measure with the highest percentage difference between experts and non-experts; it was mentioned by 35 per cent of experts, but only by 2 per cent of non-experts. In addition, 2 per cent of experts said they turn on automatic updates—an action that no non-expert mentioned."

"Our results suggest that one reason some non-experts don’t install updates might be the lack of awareness on how effective updates are."

"Seven non-experts reported delaying updates out of concern that new versions of software might contain bugs."

On antivirus software:

"Thirty-five per cent more non-experts than experts said that running antivirus software on their personal computers is one of the top three things they do to stay safe online."

"The high adoption of antivirus software among non-experts and their high willingness to follow this advice might be due to the good usability of the install-once type of solution that antivirus software offers."

"While experts acknowledged the usability of antivirus software, some also cautioned that antivirus is not a bulletproof security solution."

On the use of a password manager:

"The low adoption rate of password managers among non-experts might stem from a lack of understanding of its security benefits."

"A reason for this lack of trust was the fear that, if stored or written down, passwords could be leaked."

"In fact, 2% of non-experts thought that not letting browsers remember their passwords was one of the top things they do."

"In addition to perceived lack of effectiveness, other factors such as poor usability might stall adoption of password managers among non-experts."

There's a lot more information to be had, and it's an interesting read for those who want to delve into the minds of security experts and understand the reasoning behind their security methods compared to non-experts. Of course, any security measure you take is going to keep you safer than none, but ending misconceptions or misunderstandings about certain practices will go a long way toward keeping everyone that much more secure online. The full research paper can be found here.