According to a May 2014 survey by idRADAR, the attitude of the general public towards privacy issues and the risks of fraud are still alarmingly poor.
A national survey of 313 consumers, taken from a broad range of ages and socio-economic groups, discovered that almost four-fifths had taken no action to protect their privacy or guard their financial accounts from fraud, despite the fact that over 260 million people have been victims of data breaches since the goings-on at Target entered the public domain.
Tom Feige, CEO of idRADAR, noted that:
“There is a national data breach epidemic, and consumers shockingly show very few signs of concern. Most are taking no measures to protect themselves.”
The poll, the first in what will be a quarterly affair set to measure consumer trends, showed that the majority of respondents do not even take the time to change their passwords following a breach. Less than 10% of the consumers interviewed make a point of changing passwords on a regular basis and a little under two-thirds admitted that they only change their login credentials when a compromised website forces them to.
Alarming stuff indeed.
The survey also found that around ninety-three percent of those surveyed would expect a breached company to offer them a free credit monitoring service after the fact (a figure that may possibly have been skewed due to the nature of idRADAR’s business). Additionally, 70% of those questioned said they intend to use debit cards in preference to credit cards, despite the additional protections offered by the latter, prompting Feige to say that:
“Clearly, consumers do not want to take responsibility for protecting themselves before or after a serious breach. They want someone else to worry about it.”
Feige also suggests that the malaise amongst consumers means that “they don’t seem to care if their personal privacy rights are threatened,” and that the majority “want to rely on the government to protect them.”
Unfortunately, as we now know, many governments arguably do not have citizen’s best interests at heart at all times. Even so, the subjects of this survey were more concerned (55%) about the threat of data breaches than the potential invasion of their privacy posed by the NSA and other government agencies snooping on their phone calls, browsing habits and email messages.
Which is all a bit ironic really when you consider that the majority of those interviewed are doing nothing about either issue.
As I am sure you are aware, data breaches are big news these days and the indications are that they will continue.
The most recent of those breaches – at auction site eBay – highlights not only the sort of information that gets taken -
- customer names
- encrypted passwords
- email addresses
- physical addresses
- phone numbers
- dates of birth
- but also the challenges faced by large corporations when the proverbial hits the fan. I still know a few people who are yet to receive an email from eBay advising of them the need to change their passwords and, as this survey suggests, such communication would appear to matter not a jot to some people anyway.
The idRADAR survey does offer some incite into why such a situation exists. It comes as no surprise to learn that only 41% of the respondents had heard of the recent Heartbleed bug which ties in with figures produced recently by the Pew Research Center which found awareness of the vulnerability to be equally lacking.
Feige concluded that:
“People are not paying enough attention to this critical problem, and their lack of knowledge on the entire subject is frankly very alarming. Obviously there is a great need for education on this issue.”
And he is absolutely right.
Those readers who work in or around information security will know the importance of security awareness within the business arena. Despite the expertise of top security professionals, such as Brian Honan himself, it is still an area with a lot of development potential in my opinion.
But should security awareness be limited to the corporate sector?
I would argue not, especially after reading surveys such as this one. It appears that many home computer users could benefit from some fairly basic advice on how to stay safe on the internet and how to react to certain scenarios.
Here in the UK we have initiatives such as Cyber Streetwise that offer some early promise, but we need more. And it is not just the individual who would benefit from universal security training either - employees who buy into security to protect their own digital assets would likely think more carefully about how to protect their employer’s data too.