Internet Security: Are Users Ready to Resist Cyber Threats?

    The number of Internet users in Russia is growing rapidly: in the fall of 2014, the monthly Runet audience reached 72.3 million users, which is 62% of the population of the Russian Federation. The volume of user data on the network is also increasing, because today you can do almost everything online, from paying utility bills to buying airline tickets. At the same time, the number of cyber threats is growing. Last year the world was shaken by Heartbleed, Shellshock, the leak of nude celebrity photos from iCloud and many other IT events. At the same time, Russians are at greater risk than foreign users: according to Kaspersky Lab, in the second quarter of 2014, Russia ranked first among countries in which users were most at risk of infection via the Internet.

    But is the level of knowledge on how to counter cyber threats growing as well? Especially considering that today, as a result of an account hack, you can lose much more than at the dawn of Runet? Many experts believe that a huge number of users still neglect elementary rules, effectively negating through their carelessness all the efforts made by online services to increase security.

    We analyzed how Russian users ensure their safety on the Internet, and also found out how often they encounter fraud. The online survey, conducted with the participation of the research company Nielsen, covered 1,783 people aged 15 to 64 years who live in cities with a population of over 100 thousand people and access the Internet at least once a week.

    Connection Security Check


    One of the ways to protect your login and password when working with various Internet services is to use an encrypted connection using the HTTPS protocol. You can check if the Internet resource has a secure connection in the browser address bar; as a rule, it is indicated by a lock icon (depending on the type of browser). Such a check allows you to additionally make sure that the site is not a phishing site.

    The study showed that when entering personal data in mail and social networks, users do not check for a secure connection icon in almost half the cases. But when making online payments, they check for a secure connection almost twice as often. In general, it can be said that users of online services do not attach much importance to the presence or absence of a secure connection icon.



    Sometimes, when visiting various sites, users come across an error message about the website’s security certificate. Such an error may mean that someone is trying to deceive the user or to intercept the information transmitted to the server. When such a message appears, it is recommended to stop working with the suspicious resource. Most users (three quarters) have encountered these messages. At the same time, 21% of them continued to work with the site. Interestingly, users under the age of 34 are almost 2 times less likely to pay attention to a security certificate error and continue to work with the site.



    To access both e-mail and social networks, users usually use bookmarks in the browser or links on the quick access page. This method is safer, as in this case the user is protected from typos, which can lead to a fraudulent site. Nevertheless, every tenth user types the address into the browser's address bar.



    Passwords Used


    Obviously, it is recommended that you create unique passwords for the most important services. After all, hacking third-party resources is the main way to steal accounts. Large services are constantly working to enhance their security, while many small forums, torrent trackers and online stores neglect such things, and hackers, knowing this, attack them. If during registration on a weakly protected resource a person entered the same password that he uses for mail, then if the resource is hacked, the hacker automatically gets access to the mailbox. The results of the study suggest that 12% of respondents use the same password for all accounts. 36% of respondents use different passwords for the most important accounts and the same one for the least important.



    According to the results of our research, on average, a Runet user has three email accounts. Below we will separately consider the use of the main mailbox (the only one or the one most often used for personal purposes) and the additional one.

    Since it is quite difficult to come up with different passwords for all accounts, many experts recommend using unique passwords for the most important ones, including mail and social networks, and the same ones for the rest. However, 24% of email users use the password from the main mailbox on other resources, of which about 2/3 use the same password on social networks (62%), 27% in online stores, and 25% in the additional mailbox.

    Ideally, passwords should be changed every three months. However, only a fifth of the respondents do this. It is noteworthy that 22% of the study participants never changed the password from their main mailbox, and every third - from an additional one.



    Users rarely resort to changing a password on social networks - 38% change their password no more than once a year, and 18% never change it at all.



    According to modern security standards, a strong password must consist of at least eight characters and combine upper- and lower-case letters, numbers and special characters, selected according to a principle that is random or understandable only to the user. Only 26% of respondents use a password consisting of special characters, letters, and numbers. For most users, the password consists only of letters and numbers. 37% of respondents use only lowercase letters in the password. Moreover, among holders of relatively short (less than 8 characters) passwords, such carelessness occurs almost one and a half times more often than among those whose password consists of 8 characters or more (44% and 32%, respectively). 43% of respondents use passwords between 6 and 8 characters long. 27% use passwords from 9 to 10 characters long. Only 26% of users have passwords longer than 10 characters.



    Almost a third of users use an arbitrary set of letters as a password (29%), and another 27% use a word invented by them. 17% prefer to use a Russian word typed in Latin letters in the password, which is an unsafe option, since attackers also know how to switch the keyboard layout. Among those whose passwords are numbers, 17% use a date of birth (their own or that of someone close to them), and 5% use a phone number.



    Most users remember passwords for mail and social networks by heart, and about 30% write them on paper. Only 3% of users use special password storage applications.



    The quality and frequency of password changes depend mainly on the user. However, today Internet services have the ability to influence the level of complexity of the set passwords. Many resources do not allow the creation of short passwords without numbers. So, for example, in Mail.Ru Mail it is impossible to enter a password that is:
    • shorter than six characters,
    • the same as the login,
    • made up only of numbers, or of numbers and dots, and at the same time shorter than 10 characters,
    • a dictionary word.

    In addition, in the process of creating a password, an assessment of its complexity level is displayed and recommendatory tips pop up urging you to use upper and lower case letters, numbers and special characters.
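
    The Mail.Ru Mail rules listed above, combined with the earlier point about Russian words typed in the Latin layout, can be expressed as a registration-time check. This is an added example, not Mail.Ru's code: the function name, the case-insensitive comparisons, the layout check itself and the tiny word list are assumptions made for illustration.

```python
# Added example: password acceptance rules as listed in the article, plus a
# check for a Russian word typed with the keyboard left in the Latin layout.

# Standard QWERTY -> ЙЦУКЕН key positions (lowercase letters and punctuation).
LATIN = "qwertyuiop[]asdfghjkl;'zxcvbnm,."
CYRILLIC = "йцукенгшщзхъфывапролджэячсмитьбю"
TO_CYRILLIC = str.maketrans(LATIN, CYRILLIC)

# Constructed sample; a real service would load full Russian and English word lists.
DICTIONARY = {"password", "sunshine", "пароль", "привет", "солнце"}


def password_problems(password, login):
    """Return the rules the password violates; an empty list means accepted."""
    problems = []
    lowered = password.lower()

    if len(password) < 6:
        problems.append("shorter than six characters")

    if lowered == login.lower():  # assumption: compare case-insensitively
        problems.append("same as login")

    digits_and_dots = all(c.isdigit() or c == "." for c in password)
    if digits_and_dots and any(c.isdigit() for c in password) and len(password) < 10:
        problems.append("only numbers or dots, shorter than 10 characters")

    if lowered in DICTIONARY:
        problems.append("dictionary word")
    elif lowered.translate(TO_CYRILLIC) in DICTIONARY:
        # e.g. "gfhjkm" is "пароль" typed without switching the layout
        problems.append("Russian word typed in the Latin layout")

    return problems


if __name__ == "__main__":
    for candidate in ("gfhjkm", "12.05.199", "1990", "tR7#kq9!Lw"):
        print(candidate, "->", password_problems(candidate, "ivan") or "accepted")
```
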

    Security measures when using online services


    We were also interested in what security measures users of various Internet services take: what methods of password recovery they use, how they relate to incoming links in the mail, and how they evaluate the security of their accounts. Separately, questions were asked about the security measures that users most often resort to when making online payments.

    Today, the safest way to recover a password is considered to be binding to a mobile phone number. This method of password recovery from the main mailbox is used by 68% of respondents. Fewer respondents bind an additional mailbox to a phone number: 41%. Most often, a secret question is used to recover the password from an additional mailbox, which is much less secure compared to binding to a phone number, because, in fact, it is another password.



    One of the common methods of hacking accounts is phishing. A typical example: a user is sent a link to a site disguised as an authorization page on some popular resource. A person enters a username and password, which are immediately sent to the attacker. Therefore, when clicking on links that come from unfamiliar senders, you need to be very careful: it is better not to open them at all. Or at least check the site address. The results of the study suggest that users are wary of links that came to the main email: 74% in such cases always carefully check the address before clicking on the link. But at the same time, people are less careful about the security of an additional account: less often they change the password, less often they use the binding of the phone number,



    Let's consider what security measures users most often resort to when making online payments. First of all, they study information about an online store on the network (60%). 27% try not to make purchases in stores with free hosting. 17% verify the certificate of authenticity issued to the site. Another 17% use a virtual keyboard to protect themselves from keyloggers.



    In addition to the knowledge of users about possible security measures, we were interested in their opinion on how protected their accounts are in mail and social networks. Almost half of users think their accounts are safe. About a third are worried about the insecurity of their email accounts, believing that their mailboxes are "completely unprotected" or "rather not protected." The security of the primary and secondary mailboxes is evaluated equally on average.



    Social network users are no longer confident in the security of their accounts. In addition, almost two-thirds of users fear that the information they publish on social networks may fall into the hands of fraudsters.



    Fraud Experience


    Today, tens of thousands of people face online fraud every day. “Fraud” means stealing a password from an account and/or sending spam on behalf of a user in mail or social networks, as well as fraud in online payments (for example, deducting funds from a card). Many experts believe that most often users suffer because of their own carelessness or inattention, negating the efforts of Internet companies to increase the level of security. This is confirmed by the results of our study. A quarter of the study participants experienced theft of the password from the main mailbox, with 9% experiencing it repeatedly. 17% of respondents had the password from an additional mailbox stolen.



    Our respondents are more likely to experience fraud on social networks than when using mail or making online payments. Almost half of users of social networks (48%) had their passwords stolen, 58% received fraudulent messages, and half encountered spam sent on their behalf.





    Basically, users became victims of fraud for three reasons: they used simple passwords, downloaded viruses, or went to fraudulent sites. When making online payments, the use of a simple password is less likely to cause fraud.



    Online fraud: who is facing it? Socio-demographic user profile


    Network fraud is most often experienced by people aged 15-34 years, single or unmarried. There are slightly more women among them than men. People over 45 years of age most often claim that they have not experienced network fraud. Usually they are married or in a common-law marriage. There are slightly more men among them than women.





    Conclusions


    In general, it can be stated that users are still not carefully monitoring their safety on the Internet. Almost two-thirds of users of online services have at some point been victims of fraud (64%). Among the reasons, victims most often name a simple password, a downloaded virus, or going to a fraudulent site. Almost two times less often, users say that they suffered because of the use of one password on several services or because they responded to a fraudulent message. Among online fraud victims, there are more unmarried users between the ages of 15-34.

    When entering personal data (for example, login or password), almost half of users of online services (mail, social networks) do not check for a secure connection.

    Every fifth user has never changed the password from the main mailbox, and every third from the additional one. Users rarely resort to changing a password on social networks: 38% change their password no more than once a year, and 18% never change their password at all.

    Almost a quarter of email users use the password from the main mailbox on other resources, of which 62% - in social networks, 27% - in online stores and 25% - in the additional mailbox.

    Users tend to be less careful with the security of an additional mailbox compared to the main one: they change their password less often, less often they use phone number binding, preferring a secret question for account recovery.

    Only a quarter of users use the most secure password, consisting of special characters, letters and numbers. 43% of users have a password that does not exceed eight characters; the password consists of letters and numbers (without the use of special characters). Just over a third of users (37%) use only lowercase letters in the password. If we talk about the numbers used in the password, 16% choose a date of birth, their own or that of someone close to them. As for the alphabetic elements of the password, every sixth user selects a Russian word typed in Latin letters, 8% use a last name, first name or middle name, and 7% use several words in a row.

    29% of users use an arbitrary set of letters as a password and 27% use a word invented by them.

    43% of respondents use passwords between 6 and 8 characters long. Just over a quarter (27%) use passwords from 9 to 10 characters long. However, we can assume that this is mainly due to the fact that today many online services do not allow the user to enter a short and too simple password (for example, when registering in Mail.Ru Mail or creating a new profile in Odnoklassniki, the user will not be able to enter a password shorter than six characters and consisting only of letters).

    To recover the password from the main mailbox, most users (68%) use the binding to the phone number.

    Users are wary of links that came to their main email: almost three quarters of the respondents (74%) always carefully check the address in such cases before clicking on the link.
