
How to stay safe online: Appraising expert and non-expert Security Practices.


The Internet, while expanding the boundaries of communication and providing endless opportunities, has not been without its challenges. These challenges, which concern how users can safeguard their digital assets, are growing exponentially and call for concern. As a result, there is no shortage of security advice on how users can stay safe online. But the critical question is how much of that advice is useful and actually effective. If we invest time and resources in setting up security measures or following so-called security best practices and still end up losing our assets, then such losses are not only wasteful but monumental. Hence, we must reflect upon all the advice we get that concerns online safety.

One good rule of thumb we can apply here is to follow expert advice. This is common sense and almost reflexive, as people tend to gravitate towards expert advice in any endeavor. An expert is someone who has adequate skill and knowledge and is in the best position to tell us what to do. So, what do experts do to stay safe online, and what advice do they give to non-technical users? A good place to start is research conducted by three Google security experts and presented at the 2015 Symposium on Usable Privacy and Security. The paper, titled “...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices, is quite revealing and adequately addresses our concerns.

The study compares the security practices of expert and non-expert internet users with a view to assessing the state of the advice being given, in the hope that such clarification will lead to improved security habits. This was done using online surveys, and both groups (234 experts and 294 non-experts) were asked: “What are the 3 most important things you do to protect your security online?”



The figure above is a graphical representation of the results, which “shows all security measures that were mentioned by at least 5% of experts or by 5% of non-experts in response to the open-ended things-you-do question. The most common things-you-do responses from each group varied, with only one practice, using strong passwords, in common within each group’s top 5 responses. While most experts said they install software updates (35%), use unique passwords (25%), use two-factor authentication (20%), use strong passwords (19%), and use a password manager (12%), nonexperts mentioned using antivirus software (42%), using strong passwords (31%), changing passwords frequently (21%), visiting only known websites (21%), and not sharing personal information (17%).” In essence, while most experts favored keeping their systems updated and using two-factor authentication to stay safe online, non-experts emphasized using antivirus software and using strong passwords.

The thing to keep in mind is that, while there is a variance between expert and non-expert advice, some experts did mention the same practices that non-experts reported. So, a much better way to get a true sense of the thinking of the security expert community is to consider their most frequently mentioned pieces of advice. Below is a table of the ten most mentioned pieces of advice.



I think internet users can use this as a good checklist or benchmark for their security habits and customize it as the need arises, depending on their particular situation, digital assets, risk appetite and online adversaries.
