Americans in every state are overconfident in their cybersecurity coverage, with the majority of consumers expressing confidence they are taking appropriate steps to protect themselves, according to the 2019 report published by Wakefield Research and commissioned by Webroot.
The Cyber Hygiene Risk Index, published on May 8, found that 88% of consumers expressed confidence in their own cyber hygiene. Only one in three users, however, reported knowing what the most common forms of cyber-attack are (malware and phishing) or how they work, and many report security habits that leave them dangerously exposed.
The riskiest states – the ones in which consumers are most at risk for cyber-attack – are Mississippi, Louisiana, California, Alaska, and Connecticut. But even the safest states – New Hampshire, North Dakota, Ohio, Idaho, and Kentucky – scored an average of a D rating, with a score of 65% on the states’ scorecard.
The biggest offenses in cyber hygiene include reusing passwords for multiple accounts (63% of Americans), failing to use the “private” setting on social media (64%), and falling for phishing attempts (53%).
There are some superstars of cyber hygiene in every state. This small group (5%) shares the following best practices:
They back up their data using both online and offline systems.
They pay for their antivirus software (not relying on free options), and they keep it up to date.
They use a VPN, ID protection, and secure password management services.
Compared to the overall American population, these superstars of cybersecurity hygiene are more likely to be Boomers; be married or in a relationship and live in the suburbs and are less likely to be parents.
“While Americans averaged a 60% result (D grade), this could be easily improved with some small changes to their online habits.,” said Tyler Moffitt, senior threat research analyst at Webroot. “One of the most shocking (and damaging to grade) habits we saw was the lack of precaution taken when clicking on links or attachments in emails. Louisiana, one of the riskiest states, had 44% of respondents report they did not take ANY precautions when clicking on links or attachments in emails. This behavior is really playing with fire, as our 2018 Threat Report showed 82% of all malicious internet traffic is from malspam phishing emails. Ninety percent of ransomware infections originate from phishing emails, so users really need to be careful.
“Consumers should be aware that emails creating a sense of urgency to click on links or attachments, usually by saying you’re being sued or missed a package, are often malicious. Even if the attachment at first seems like a harmless Word Document or Excel spreadsheet, this is usually just another trick. When opened, the Office attachment almost always asks you to ‘enable content.’ Consumers should never do this, as it is a macro that will allow malware to infect the computer. Simple education around the common attack vectors, like this one, will go a long way into making consumers more secure in their online habits.”