Trying To Keep Your Data Safe? You're Probably Doing It Wrong | KERA News

Trying To Keep Your Data Safe? You're Probably Doing It Wrong

Jul 23, 2015
Originally published on July 25, 2015 1:26 pm

Long gone are the days when you could pass off all your computer issues to an expert — IT support or the broadband 1-800 number. Today, in this always-connected, mobile world, regular people find themselves in a challenging situation.

On our own, we have to manage security on our devices, patch software and update passwords. And according to a new survey by Google, we're not prioritizing well.

Take a look at your smartphone or laptop. Are you one of those people who keeps hitting "ignore" or "remind me later" when you get that annoying prompt to update software?

I asked some people in Oakland, Calif., who own and rely on smartphones and other devices how they react to those prompts.

" 'Ignore.' Never, 'tell me later,' " says Nolan Darby. When he's trying to read something, those reminders "just pop up. And it interrupts what I'm actually doing. I don't need all those reminders."

Amelia Kirby doesn't care much for the alerts to patch software, either. "My old phone, when I updated it before, I used to lose contacts," she says. "So then I think I got kind of paranoid about doing the updates."

Lisa Handley says she's not the help desk, and patching takes too long. "You don't want to waste the time you have on your computer doing a download," she says.

Donald Mabrey worries sometimes that these notices to update could actually be hackers in disguise.

"I always think about that with anything on these phones these days," he says. "I'm hearing they can turn your phone on, and turn it off, they're looking at you right now, even from your smart TVs."

What The Study Shows

Google is releasing a new study Thursday, looking at how regular, nontechnical people prioritize online security, as compared with the experts. It turns out that a deep rift has formed. Yes, both the experts and the laypeople believe in a strong password. But after that, things fall apart.

Thirty-five percent of experts said that "installing software updates was one of their top security practices," while 2 percent of non-experts see this as a priority, according to the study.

"That's a pretty stark gap," says Gerhard Eschelbeck, chief of cybersecurity for Google.

There's a similarly stark gap when it comes to antivirus — the software that has long been hailed as the all-purpose cleaner, the rubbing alcohol of the Internet. Forty-two percent of the non-­experts surveyed say products like McAfee and Norton are key. But among the experts like Eschelbeck, just 7 percent agree.

"Antivirus has absolutely its place. But it's not like the only one solution that people can and should rely upon," Eschelbeck says.

That's especially true because antivirus doesn't block the new generation of hacks and targeted attacks. Some security experts even say "antivirus is dead" — though Eschelbeck thinks that's an overstatement.

Fighting The Password Battle

And when it comes to passwords — making strong ones and remembering them — he says there's another gap.

"Well, the sticky note certainly hasn't worked in the past," he says. "And usually you never find the sheet of paper when you need it."

About three-quarters of experts surveyed use a password manager. It's a tool that makes up crazy-complicated, 36-digit passwords for any site you want, and then stores each unique one in a central vault.

This might sound like a bad idea. And, irony of ironies, the popular service LastPass announced in June that it got hacked. (I use it and had to spend an entire evening changing all my passwords.)

Still, Eschelbeck insists, "the password manager clearly is the least amount of risk compared to the alternatives that you have available."

Online security is not intuitive. It can even be counterintuitive. (Why would you put all your passwords in one place? "Target" is written all over it.)

Eschelbeck says experts have to get better at communicating basic defense to the non-experts, who need it.

Copyright 2015 NPR. To see more, visit http://www.npr.org/.

Transcript

DAVID GREENE, HOST:

Your software needs to be updated. Remember the days when if that were true, you might call IT support, maybe go to a computer store, maybe seek some kind of expert? Well now we're so connected through Wi-Fi and networks, we are expected ourselves to download software and manage security and update passwords. And according to a new survey by Google, we are really bad at this stuff. Here's NPR's Aarti Shahani.

AARTI SHAHANI, BYLINE: Take a look at your smartphone or laptop. Are you one of those people who keeps hitting ignore or remind me later when you get that annoying prompt to update software?

NOLAN DARBY: Ignore, never tell me later.

SHAHANI: This is Nolan Darby.

DARBY: I'm trying to read something, and then they'll just pop up, you know? And it interrupts what I'm actually doing. I don't need all those reminders.

SHAHANI: Amelia Kirby and Lisa Handley don't care much for those reminders either.

AMELIA KIRBY: My old phone, when I updated it before, I used to lose contacts. So then I think I got kind of paranoid about doing the updates.

LISA HANDLEY: You don't want to waste the time that you have on your computer to doing a download.

SHAHANI: Like, you're not the helpdesk.

HANDLEY: Exactly, exactly. Thank you (laughter) yeah.

SHAHANI: Donald Mabrey worries that sometimes these notices to update could actually be hackers in disguise.

DONALD MABREY: I mean, I always think about that with anything on these phones these days. Yeah, 'cause I'm hearing that they can turn your phone on and turn it off or they're looking at you right now - even from your smart TVs, I'm hearing things.

SHAHANI: Google is releasing a new study today looking at how regular, non-technical people prioritize online security as compared to the experts. It turns out a deep rift has formed. Yes, expert and lay person believe in a strong password. But after that, things fall apart.

GERHARD ESCHELBECK: Experts prioritize installation of software updates and patches at a level of 35 percent.

SHAHANI: Gerhard Eschelbeck is chief of security for Google.

ESCHELBECK: While non-experts, only 2 percent of them see this as a priority to protect their systems. And that's a pretty stark gap.

SHAHANI: There's a similarly stark gap when it comes to antivirus, the software that's long been hailed as the all-purpose cleaner, the rubbing alcohol of the Internet. Nearly half of the non-experts surveyed say products like McAfee and Norton are key. But among experts like Eschelbeck, just 7 percent agree.

ESCHELBECK: Antivirus has absolutely its place. But it's not, like, the only one solution that people can and should rely upon.

SHAHANI: Especially because antivirus doesn't block the new generation of hacks and targeted attacks that we're seeing. Some security experts even say antivirus is dead, though Eschelbeck thinks that's an overstatement. And when it comes to passwords, making strong ones and storing them, he says there is another gap.

ESCHELBECK: Well, the sticky note certainly hasn't worked in the past. And usually you never find the sheet of paper when you need it.

SHAHANI: About three quarters of experts surveyed use something you've probably never heard of, a password manager. It's a tool that makes up crazy-complicated, 36-digit passwords for any site you want and then stores each unique one in a central vault. This might sound like a bad idea. And irony of ironies...

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED REPORTER: LastPass, which is a password protection service that exists to prevent hacking, got hacked.

SHAHANI: News broke in June. I know because I use it and had to spend an entire evening changing all my passwords. Still, expert Eschelbeck insists...

ESCHELBECK: The password manager clearly is the least amount of risk compared to the alternatives that you have available.

SHAHANI: Online security is not intuitive. It can even be counterintuitive. Eschelbeck says his camp, the experts, have to get better at communicating basic defense. Aarti Shahani, NPR News, San Francisco. Transcript provided by NPR, Copyright NPR.