BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

UK And Germany Double Down On Joint AI, Clean Energy R&D Efforts
Decarbonizing Heavy Transportation: Quantron's Michael Perschke On Pioneering Hydrogen Solutions
Bridging The Digital Divide In The AI Era - The UNDP Way
Big Tech Ramps Up Content Moderation Amid EU Pressure
Spain's Successful Miura 1 Launch Reignites Europe's Hopes For Space Exploration
UNESCO And The Netherlands Launch Initiative To Ensure Ethical Oversight Of AI
Edit Story
ForbesInnovationConsumer Tech

If You Don't Know Much About Cybersecurity, You're Not Alone

Kevin Murnane
Former Contributor
Opinions expressed by Forbes Contributors are their own.
This article is more than 7 years old.

Credit: Typography Images/Pixabay

The Pew Research Center conducted a survey to discover what Americans know about personal cybersecurity. The results are troubling. Most people know very little which makes them vulnerable when they go online.

The Pew survey was designed to paint a broad picture of general knowledge about cybersecurity but it is also an excellent tool for discovering possible weak points in your own internet protection. If you take the survey, the questions you don’t answer correctly tell you what you need to learn to increase your online safety.

Pew’s survey was composed of 13 multiple choice questions. The online version only has 10. You can find the three missing questions and a link to the online survey in the Forbes article "Here’s An Easy Way To Find Out How To Increase Your Security Online". Take the survey, answer the three missing questions, and note the ones you didn’t get right. Armed with this insight, return here and use the information and the links presented below to turn your security weaknesses into strengths.

The survey results are based on a weighted, nationally-representative sample of internet users 18 years of age and older. In general, age made little difference in cybersecurity knowledge. People aged 18 to 49 averaged six correct answers (out of 13) while those aged 50 to 65+ averaged five. Cybersecurity knowledge generally increased with education.

Only four questions were answered correctly by more than 50% of the respondents and only 1% of the respondents got all the answers right. For most questions, more people indicated they were unsure of the answer than gave the wrong answer.

The Pew survey included a question about consumers access to their credit reports which is not germane to internet security. Here are the security topics covered in the remaining 12 questions along with a brief explanation of each, a link to further information, and a breakdown of the answers given by the survey respondents.

Example of multi-factor authentication used in the Pew survey

Credit: Pew research Center/Used by permission

Multi-factor authentication

The survey asked people to identify which among four images was an example of a multi-factor authentication screen. Ten percent got it right, 71% got it wrong and 18% weren’t sure.

Multi-factor authentication requires the user to provide two or more keys to unlock access to a website. One key is usually the user’s password. A commonly used second key is a security code that is sent to the user in a text message or email. TechTarget has a good introduction to multi-factor authentication.

Virtual private networks

The survey asked “What kind of cybersecurity risks can be minimized by using a Virtual Private Network (VPN)?” Thirteen percent got it right, 16% got it wrong and 70% weren’t sure.

A VPN acts as a connection between the user’s computer, smartphone or tablet and the internet. All the information passing between the user and the net is encrypted and the user’s identity and browsing history is hidden from both websites and the user’s ISP. How-To Geek has a good general introduction to VPNs and WiTopia has a list of the reasons why you might find a VPN useful.

Botnets

The survey asked “A group of computers that is networked together and used by hackers to steal information is called a….” The correct answer is botnet. Sixteen percent got it right, 10% got it wrong and 73% weren’t sure.

Botnets hide on your computer and hijack it to perform distributed denial-of-service attacks. The attack that took down the internet for much of the US and Europe last October was carried out with a botnet hidden on Internet-of-Things devices like routers and webcams. How-To Geek has a good general introduction to botnets.

Beware! There's no "s"

Credit: Geralt/Pixabay

https://

The survey asked “What does the “https://” at the beginning of a URL denote, as opposed to http:// (without the “s”)?” Thirty-three percent got it right, 12% got it wrong and 54% weren’t sure.

The “s” in https:// means that communication between the user and the website is encrypted using a form of encryption called SSL (Secure Socket Layer). If someone intercepts information you enter on a website, such as your credit card number, they will not be able to read it. ITProPortal has a good explanation of how https:// works that’s written for non-technical readers.

Private browsing

The survey asked “Can internet service providers see the online activities of their subscribers when those subscribers are using private browsing” such as Chrome’s Incognito function? Thirty-nine percent got it right, 12% got it wrong and 49% weren’t sure.

Yes, they can. Note that yesterday the US House of Representatives passed a resolution that allows ISPs to sell a user’s browsing history to anyone who wants to buy it without the user’s knowledge or permission. The Senate had already passed the resolution and the Trump administration has signaled that they're eager to sign it. If you privately browse websites you don’t want anyone to know about, you might want to consider a VPN. Mashable has a good article on how private browsing works.

Encryption on WiFi routers

The survey asked, true or false, “All Wi-Fi traffic is encrypted by default on all wireless routers.” Forty-five percent got it right, 11% got it wrong and 44% weren’t sure.

The correct answer is “False”. Lifewire has a good introduction to WiFi encryption and general WiFi security.

Email encryption

The survey asked, true or false, “All email is encrypted by default.” Forty-six percent got it right, 10% got it wrong and 43% weren’t sure.

Again, the correct answer is “False”. Email encryption is valuable but it can be difficult to set up and inconvenient to use. Digital Guardian provides a basic introduction and CompariTech gives you a more technical tutorial on how to set up email encryption for a variety of email applications.

Credit: Malwarebytes

Ransomware

The survey asked “Criminals access someone’s computer and encrypt the user’s personal files and data. The user is unable to access this data unless they pay the criminals to decrypt the files. This practice is called…” The correct answer is “Ransomware”. Forty-eight percent got it right, 9% got it wrong and 43% weren’t sure.

It’s particularly disturbing that less than half the respondents knew what ransomware is given that it’s the most widespread type of malware by far and the consequences of a ransomware attack can be dire.  Digital Guardian has a good introduction to ransomware that includes advice on how to protect yourself, and Heimdal Security has a more detailed article that gives you a lot more information.

Tracking a smartphone’s location with GPS

The survey asked, true or false, “Turning off the GPS function of your smartphone prevents any tracking of your phone’s location.” Fifty-two percent got it right, 22% got it wrong and 26% weren’t sure.

The correct answer is “False”. If a cell phone is turned on, the phone’s approximate location can be determined from the signal strength between the phone and the cell towers in the phone’s neighborhood. There’s nothing you can do about this other than never power up your cell phone. Smartphones also track your location and make this information available to the apps on the phone. Ubergizmo has a good walkthrough for turning location tracking off for Android phones, iPhones and web browsers.

Phishing

The survey asked which of three statements described a phishing attack. The correct answer was all of them. Fifty-four percent got it right, 21% got it wrong and 24% weren’t sure.

Phishing is a technique for gaining access to a user’s computer or to their sensitive information such as passwords and credit card numbers by posing as a legitimate and trustworthy source. Phishing attacks are usually delivered through email. The John Podesta hack that breached the Democratic National Committee servers was a phishing attack. TechTarget has a good introduction to phishing.

Safety of password-protected public WiFi

The survey asked “If a public Wi-Fi network (such as in an airport or café) requires a password to access, is it generally safe to use that network for sensitive activities such as online banking?” Seventy-three percent got it right, 7% got it wrong and 20% weren’t sure.

It's not safe.  Lifehacker has a good article on how to stay safe on public WiFi networks.

Credit: Pete Linforth/Pixabay

Secure passwords

The survey asked respondents to choose which of four passwords was the most secure. Seventy-five percent got it right, 8% got it wrong and 17% weren’t sure.

People know what strong passwords look like. They also rarely use them. How-To Geek has a good article on creating and remembering strong passwords.

Cyber criminals look at the results of the Pew survey and rub their hands with glee. What they see is a country where most of the people who use the internet (which is almost everyone) doesn't know what they need to know to keep themselves safe online. In other words, they see a country of low-hanging fruit that are ripe for picking. Don't be a fruit. Take the Pew survey, identify the gaps in your security knowledge, and use this insight to turn your weaknesses into strengths.

Follow me on Twitter or LinkedInCheck out my website
Kevin Murnane
Kevin Murnane