When it comes to cybersecurity, people are often their own worst enemy. That is the conclusion of the Pew Research Center, which recently published the results of a survey that asked over 1,000 Americans about their security habits and opinions on online privacy.
The report found that the majority of Americans don’t follow best practice when it comes to creating and storing their passwords and that, perhaps not coincidentally, 64% of those surveyed have experienced a major data breach.
Americans don’t follow password security best practice
There are a handful of steps people can follow to reduce the likelihood of their password – or cybersecurity in general – being compromised. This typically includes using different, complex passwords for each account; storing passwords safely; not sharing passwords with others; and installing updates and patches to programs and apps. While there are more nuanced factors of cybersecurity, the survey focused on these four fundamental measures and found that while many Americans are doing at least some of these, their habits are generally poor.
The majority of Americans (84%) keep track of their passwords by writing them down on paper or by relying on memory. While memorization may seem to be a secure method of password storage, it typically results in users choosing less complex passwords that are easier to guess or can be cracked by computer software.
The most effective way to manage passwords is to keep them in a password management system, but this is the least common of the digital approaches:
- 12% use a password management system
- 18% use a built-in password saving feature (available in most modern browsers)
- 24% use a digital note or document on one of their devices
Data breaches are common
Because Americans are so cavalier with their passwords, it is perhaps unsurprising that data breaches are common. In fact, the survey found that nearly two thirds of Americans have personally experienced a data breach (64%). That number jumps to 72% for people aged 30–64.
Among those who were surveyed:
- 41% have seen fraudulent charges on their credit or debit card
- 35% have had some sort of personal information (such as an account number) compromised
- 15% have had their Social Security number compromised
The survey also asked about breaches of online accounts:
- 16% have had email accounts taken over without their permission
- 13% have had at least one of their social media accounts hacked
Staying secure with ISO 27001
While people only have themselves to blame when poor security habits lead to credit card fraud or their social media accounts getting attacked, breaches in the workplace could see the entire company affected.
To protect against cyber attacks, an effective information security management system (ISMS) is vital. ISO 27001 is the international standard that describes best practice for an ISMS. It covers people, processes, and technology, recognizing that information security is not about technology alone.
To help your business implement an ISO 27001-compliant ISMS, IT Governance has a range of fixed-price packaged solutions. Each provides a combination of products and services that can be accessed online and deployed anywhere in the world. Find out more about our ISO 27001 packaged solutions >>