How do Security Experts Protect their Systems?
The results of a recent pair of surveys conducted by Google will allow everyone to protect their systems just like the pros do. In a new paper entitled “‘…no one can hack my mind’: Comparing Expert and Non-Expert Security Practices,” Google presents the answers to questions posed to 231 security experts and 294 users who are not experts in security. In a post on its Online Security Blog, Google researchers summarized the findings of the study in a simple infographic.
Of the top five online security practices of each group, only one overlaps. The principal practices of the experts include using unique passwords and storing them in a password manager, using two-factor authentication, and regularly installing software updates. Software updates, the study found, are viewed by some as a risk to security; however, as Google emphasizes, they are “the seatbelts of online security; they make you safer, period.” The non-experts surveyed relied more upon frequently changing passwords and only visiting websites they were familiar with.
One major revelation from this study is that “42% of non-experts vs. only 7% of experts said that running antivirus software was one of the top three three [sic] things they do to stay safe online. Experts acknowledged the benefits of antivirus software, but expressed concern that it might give users a false sense of security since it’s not a bulletproof solution.” Installing antivirus software should be a single element in a range of precautionary measures, not the totality of protective steps taken.
This study has effectively demonstrated that conventional wisdom may not always be the best, and that widespread practices might not be the most helpful. Everyone should be concerned about keeping the integrity of their systems and information intact, and following these recommendations will help non-experts be protected just like the experts.