Although the word “cybersecurity” didn’t even exist when we boomers were growing up, here at BoomerCafé we have figured it out and try to be careful as possible about cybersecurity. Which puts us in a minority. And which is why we are doing you a favor by running this piece from the PewResearchCenter called “What the Public Knows About Cybersecurity.” In fact, the title really ought to be, “What the Public DOESN’T know about cybersecurity.”
As Pew points out in its introduction, our personal data in this increasingly digital world can be as valuable to potential wrongdoers — and also as vulnerable — as any other possession.
What Pew’s survey finds is, many of us are unclear about some key cybersecurity topics, terms and concepts.
Then go back and read more of Pew’s report. That’s when you’ll really know how much more careful we all need to be.
Public knowledge of cybersecurity is lower on some relatively technical issues
Internet users’ understanding of the remaining cybersecurity issues measured in the survey is lower – in some cases dramatically so. For instance, 39% of internet users are aware that internet service providers (ISPs) are able to see the sites their customers are visiting while utilizing the “private browsing” mode on their internet browsers. Private browsing mode only prevents the browser itself, and in some cases the user’s computer or smartphone, from saving this information – it is still visible to the ISP. And one-third (33%) are aware that the letter “s” in a URL beginning with “https://” indicates that the traffic on that site is encrypted.
Meanwhile, just 16% of online adults are aware that a group of computers that is networked together and used by hackers to steal data is referred to as a “botnet.” A similar share (13%) is aware that the risks of using insecure Wi-Fi networks can be minimized by using a virtual private network, or VPN.
Lastly, cybersecurity experts commonly recommend that internet users employ “two-factor” or “multi-factor” authentication on any account where it is available. Two-factor authentication generally requires users to log in to a site using something the user knows (such as a traditional password) along with something the user possesses (such as a mobile phone or security token), thus providing an additional layer of security in the event that someone’s password is hacked or stolen. But when presented with four images of different types of online login screens, just 10% of online adults are able to correctly identify the one – and only one – example in the list of a true multi-factor authentication process. In this case, the correct answer was a picture of a login screen featuring a temporary code sent to a user’s phone that will only help them login for a limited period of time. Several of the other answer options illustrated situations in which users were required to perform a secondary action before accessing a page – such as entering a captcha, or answering a security question. However, none of these other options are examples of two-factor authentication.
A significant share of online adults are simply not sure of the correct answer on a number of cybersecurity knowledge questions
Although the share of online adults who can correctly answer questions about cybersecurity issues varies from topic to topic, in most cases the share providing an actual incorrect answer is relatively small. Rather, many users indicate that they simply are not sure of the correct answer to a large number of the questions in this survey.
At the low end, around one-in-five online adults indicate they are not sure how to identify the most secure password from a list (17%), how to identify multi-factor identification (18%) or whether public Wi-Fi is safe for sensitive activities (20%). At the high end, a substantial majority of internet users are not sure what purpose a VPN serves (70%) or what a botnet does (73%). There are also a number of other questions in this survey where “not sure” responses are markedly more common than incorrect answers. These include the definition of ransomware, whether or not email and Wi-Fi traffic are encrypted by default, whether private browsing mode prevents ISPs from monitoring customer activity and how to identify whether or not a webpage is encrypted. In fact, there is only one question on the survey – how to identify a multi-factor authentication screen – for which a larger share of respondents answer incorrectly than indicate they are not able to answer the question at all.
Click here for complete findings by Pew Research.