People's ignorance of online privacy puts employers at risk

People say they are responsible for their own online safety, yet do very little to protect the information they share on social media, which increases the risks to themselves and employers, a study shows.

People say they are responsible for their own online safety, yet do very little to protect the information they share on social media, which increases the risks to themselves and employers, a study shows.

[Employees easily tricked on social media prime phishing attacks]

Nearly two thirds of respondents to a Harris Interactive survey of more than 2,000 U.S. adults embraced individual responsibility in protecting privacy. Only 12 percent said social media, used by more than four out of five American adults, was responsible for the online safety of users.

While taking on the burden of guaranteeing their own safety, respondents didn't do much to protect themselves. More than half had not read the most recent privacy policy for their social media accounts, and less than three in 10 had read the whole document.

The disconnection suggests that people's attitude toward privacy accountability is more ideological than practical, said Stephen Cobb, senior security researcher at ESET, which commissioned the study. As a result, people place themselves and employers at risk by not fully understanding how information is used and who sees it.

"What I think people lack are the resources and education to follow all the way through with (protecting information)," Cobb said Thursday.

If people prefer to be stewards of their online privacy, then schools, consumer advocates and private industry have an obligation to provide training. The survey found only about a quarter of the respondents had any formal instruction, which should be a warning to those companies that assume people know how to be safe online.

"The average American adult isn't going to walk through the door well prepared to protect that company's information," Cobb said. "They need help. They need education."

While social media often changes privacy policies, the survey found that only one in five respondents had ever adjusted the settings on their accounts. Because companies tend to activate the most open settings by default, users may be sharing much more information than they realize.

Keeping up with the constant changes in privacy policies, which tend to be long and filled with legalese, is important to avoid surprises. For example, Facebook and Google made changes last month that riled some users.

Facebook removed the option of hiding one's profile in search results. Google introduced a new setting called "Shared Endorsements" that would show the product preferences of Google+ users next to ads on the social network.

While companies often allow people to opt-out of such changes, this is unlikely to happen if users are not regularly reviewing privacy policies.

Threats associated with social media are real. Almost 30 percent of survey respondents said one or more of their accounts had been hacked, with more than half of that number victimized this year.

[Raytheon study highlights strengths, deficiencies of Millennials]

A third of the respondents had received at least one suspicious message in social media and one in five had encountered malware or links to malware.

As a result, almost 90 percent of survey respondents were concerned about viruses and hackers when visiting their favorite websites. Only about a third of the respondents believed websites were doing a good job protecting visitors from malicious code.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about FacebookGoogleHarris InteractiveInteractive

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place