Users are too confident in their protection from threats

Most users care about online privacy and take some steps to make sure their data is protected, a new Malwarebytes survey has revealed.

But some protection measures are too burdensome to implement, which still leaves them open to many common attack avenues.

Users avoid implementing onerous security measures

Malwarebytes has polled nearly 4,000 Internet users in 66 countries and uncovered that many are lulled into a false sense of security because they implemented some of the more undemanding protection measures.

The most popular ones are refraining from sharing personal data on social media, using security software, running software updates regularly, and verifying that the websites they visit are secured before making purchases.

On the other hand, 53 percent of the respondents use a password manager/best password practices, 47 percent keep on top of the permissions their apps have access to on their mobile device, and only 32 percent of the respondents read EULAs and other consent forms before agreeing to terms.

That last piece of information doesn’t come as a surprise, as EULAs are usually incredibly long and full of technical and legal jargon.

But while we wait for legislation or new standardized operating procedures that force EULAs to be easy to absorb, users should at least give them a skim and look for anything that mentions personal data use, selling of user data or installation of additional apps.

“A faster and probably more accurate method of avoiding sneaky software that hides things in the EULA is to research the company itself,” Adam Kujawa, Director of Malwarebytes Labs, commented for Help Net Security.

“Look at user reviews, any stories that might describe previous dealings with the company and/or their software. It’s the same as if you wanted to try out a new restaurant: you would look for reviews and make sure it’s something you are going to want to begin with.”

Lack of trust in online services

87 percent of the respondents are not confident about sharing their personal identifiable information online and the numerous breaches over the last few years have shredded consumer confidence in online services’ data protection capabilities.

Social media is trusted to protect their data by less than 10 percent of the polled users. Search engine companies, on the other had, are more trusted (although definitely not by the majority of users).

“Here is where the first comprehension gap comes into play, in the belief that search engine companies are more secure than social media. While the social media platform Facebook has been in the news for alleged phone call skimming and having the data of 50 million users stolen in a breach, search engine giant Google has been fined by the French privacy data protection agency for not disclosing what they do with user data in reference to targeted advertising,” the company notes.

“It’s an unfortunate truth that many of the privacy-invading policies that search engine and other online companies use are the same methods used by countless online companies to continue to provide free access to their content or continue their free services.”

Privacy tools to consider

Users have at their disposal certain tools they could embrace to prevent being tracked, profiled, or monitored online: virtual private networks (VPNs), The Onion Router (TOR), and encrypted messagers.

Unfortunately, they have their own set of problems: not all VPNs are legitimate (some may be run by criminals, who use the access to collect user data), the anonimity of Tor users can be breached via zero-day exploits, and not all encrypted messengers are encrypted end-to-end.

In all the cases, doing one’s own research before using any of these should be a must, especially when it comes to VPNs and secure messaging apps as there are many to choose from.

“The first thing you should do is identify the reasons behind why you want this messaging app. Do you want to just be more secure? Do you want to have a few more bells and whistles like GIF and video chat? Do you want it to be something you can use only on your mobile phone or also on your desktop/laptop? When you answer these questions, you can start narrowing down the list of apps based on features,” Kujawa noted.

“Next, you need to figure out which of the options left to you provides the best security, or at least has a good track record (search for user comments, journalist reviews, etc.). Once you’ve found one with confidence, that’s the one you should use.”

But the most important thing is not to have blind faith in the security measures implemented or tools used, and to realize that the fact that we have secured ourselves in one way doesn’t mean that we are secured in all ways.

“It is easy to fall into the comfort of security hubris. However, criminals and legitimate businesses alike already know these areas of weakness and will continue to exploit them,” the company concluded.