“...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices”

Originally published two years ago by a team of three researchers from Google, I encountered this paper again at a conference I recently attended about how to deal with ransomware threats. Their findings provide excellent advice for everyone and I thought it would be good to share it again.

The paper discusses the results of two surveys: One involving 231 security experts, and another with 294 web-users who are not security experts. Both groups were surveyed about what they do to stay safe online. The intent was to compare responses from the two groups in order to better understand any differences in professional’s and casual user’s approaches to security.

Here are the top 5 practices by group:

Security Experts
Non-Experts
1. Install Software Updates
1. Use Antivirus Software
2. Use Unique Passwords
2. Use Strong Passwords
3. Use Two-Factor Authentication
3. Change Passwords Frequently
4. Use Strong Passwords
4. Only Visit Known Websites
5. Use a Password Manager
5. Don’t Share Personal Information

                
73% of experts used a “password manager” as opposed to only 24% of non-experts. In the words of one IT Professional, “Password managers change the whole calculus because they make it possible to have both strong and unique passwords.”        

35% of experts and only 2% of non-experts said installing software updates was one of their top security practices. Experts recognize the benefits of updates. “Patch, patch, patch,” said one. Non-experts do not seem to understand the benefits of software updates or how they work and are also concerned about the potential risks: “Automatic software updates are not safe in my opinion, since it can be abused to update malicious content.”

42% of non-experts vs. only 7% of experts said that running antivirus software was one of the top three things they do to stay safe online. Experts acknowledged the benefits of antivirus software, but expressed concern that it might give users a false sense of security since it’s not a bulletproof solution.

My own “Top 5” would be:

1. Install automatic updates verified by the publisher (especially for the operating system).
2. Use antivirus software.
3. Use strong passwords.
4. Only visit secure or known websites.
5. Use only a secure “WiFi” connection or a “VPN.”

And don't forget to back everything up!

You can read the entire paper here:

https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf

Comments

Post a Comment

Popular posts from this blog

EOQ Calculations in Excel

Image
Last week in Operations Management we used Excel to calculate the Economic Order Quantity and graph Carrying Costs, Ordering Costs, and Total Costs. The Economic Order Quantity or "EOQ" is the order size that "minimizes" Total Costs. Any more or less and you are spending too much on ordering or too much on keeping inventory. For example, in the Excel spreadsheet below, if you had an Annual Demand of 12000 units, Ordering Costs of $10 per order, and Holding costs of $4 per unit per year, the EOQ would be 245 units and Total Costs would be $980.00: We used the following formula in Excel to calculate EOQ: =SQRT((2*B2*B3)/B4) And the following formula to calculate Total Costs at this point: =$B$6/2*$B$4+$B$2/B6*$B$3 To create the graph, we used the following formulas and simply copied them over a range of 100 to 500 units. Ordering Costs: =$B$2/D2*$B$3 Holding Costs: =D2/2*$B$4 Total Costs: =F2+G2 Looking at this chart, we can clearly see that our order size of 245 is
Read more

Reliability Calculations in Excel

Image
In Operations Management today we used Excel to calculate product reliability. Reliability is defined as "the ability of a product, service, part, or system to perform its intended function under a prescribed set of circumstances" (Stevenson, 2009). In order to calulate reliability over a given length of time we need to use the following formula: P(no failure) = e -t/MTBF where: e = 2.7183 t = Length of service before failure MTBF = Mean Time Between Failures One of the cases we did in class involved an auto detailing company that wanted to calculate the reliability of its vacuum cleaners. Excel provides an "EXP" funtion that we can easily apply here. After entering all data for the problem as shown on the spreadsheet below, we type the formula =EXP(-A5/$B$2) in cell B5 and copy down. Next we plot the distribution for t=0 to the maximum life expectancy of 20 years using a line graph. What we end up with looks like a classic case of "ex
Read more

“How Are We Doing?” Efficiency, Utilization, and Productivity

Image
In business, knowing how we are performing in relation to our competition is vital. Internally we want to know if we are using resources effectively and getting the most out of what we have. Efficiency and Productivity are two calculations that are fundamental to the success of any organization. While the calculations are simple, choosing what measures to use and collecting the necessary data requires a thorough understanding of your industry. To calculate Efficiency you will have to first decide what to use as a base for comparison. Does your company already have a “target” of some kind? Like total units produced? If so then you can compare everything to that. Once you have that, there are a couple of basic formulas that can be used: Efficiency = Actual Output/Effective Capacity X 100% Utilization = Actual Output/Design Capacity X 100% Design Capacity is the maximum output achieved under ideal conditions. Effective Capacity is always less than Design Capacity because of factors
Read more