Six in 10 internet users faced at least one cyber threat in the past year, primarily cause by poor password hygiene. Consumers also tend to shun security solutions and adopt the bad habit of sharing account passwords with others. Mobile security is also ignored, with many refusing to believe that a security app for their phone is worthwhile.
Bitdefender recently commissioned a global online behavior survey from research firm iSense Solutions and found that consumers exhibit five key risky behaviors online. We look at them more closely in the paragraphs below.
According to the 2021 Bitdefender Cybersecurity and Online Behaviors report, more than half of respondents use a single or a few passwords across online accounts, greatly exposing themselves to having multiple accounts compromised at once if even a single passwords leaks out.
Approximately a quarter of consumers use passwords that are extremely easy to guess. Males are more likely to use a simple password for their account versus females (31% vs 23%), and simple passwords are more popular among the 18-44 age group than among those 54 and older.
Making matter worse, as many as 28% of respondents admitted to writing down passwords in hard/physical format for fear of forgetting them.
On their mobile, almost a third of users opt for easy-to-guess passcodes like 0000, 1111 and 3333, and as many as 11% of users don’t even enable phone locking.
Poor password hygiene is a leading cause of account takeover. Cybercriminals use dictionary attacks to guess weak passwords and steal accounts, leading to all sorts of conundrums for the victim, including fraud.
Bitdefender recently published a comprehensive guide on how to keep passwords safe from prying eyes. Read: How to Keep Your Passwords out of the Wrong Hands.
Our survey found that 60% of Internet users can be deemed ‘exposed’ or ‘very exposed’ based on behaviors related to account sharing.
Respondents admitted they shared account details, and not just with family members, but also with friends, for things like car service/rental accounts (60%), followed by video streaming (49%), airline companies (45%) and software utilities (44%).
Sharing an account with someone – regardless of the service – greatly exposes both parties to social engineering, account takeover, and fraud.
If you’re going to share an account with family members, make sure everyone is up to speed on the cyber threats you all face in today’s landscape. Ideally, you should never share an online account with someone outside your household.
Whatever you decide, it’s a good idea to always have a solution like Bitdefender Digital Identity Protection (DIP) at your side, keeping tabs on the security of your online accounts and the data you have visible to others on the web. DIP scans the web for unauthorized leaks of your personal data and monitors to determine if your accounts are exposed, making it easy to take action well before disaster strikes.
Another negative trend we observed in the iSense survey was consumer rigidity towards security solutions – especially on mobile.
While many do understand the need for a dedicated security solution, 15% of respondents absolutely refuse to hear about it.
This is especially true of mobile devices. Some 30% of consumers use no security service on their mobile device. And, among those, Android phones are more exposed than others, such as Apple’s iPhones.
The interesting part came when surveyors asked participants to name the actual reasons behind their reluctance. Answers ranged from “I don’t need one” and “it’s too expensive” to “my phone has security built in” and “I don’t trust antivirus vendors.”
Chart 5 below paints a clearer picture of the various feelings people have towards mobile security solutions, despite clear indications that mobile security is just as important as desktop security – perhaps even more so, considering the rise in telefraud, smishing and stalkerware incidents targeting phones specifically in recent years.
Considering the steady rise in security threats year after year, Internet users should consider investing not just in desktop security – to fend off threats like ransomware and zero-day attacks, but also in mobile security – to thwart malicious apps, misconfigurations, data leaks and even mobile-specific malware.