Consumers don’t help themselves when it comes to privacy

Trust in businesses’ use of data is at its lowest ebb, says Malwarebytes, but are consumers doing enough themselves?
15 March 2019

The responsibility goes both ways. Source: Unsplash

If you thought consumers might be getting over their well-justified concerns around the privacy of the data they offer up online, you’d be wrong.

A survey by anti-malware firm Malwarebytes on 4,000 participants reveals worries over personal information— whether that’s names, addresses, payment details or other vital financial data— are fresh as ever. In fact, the report entitled The Blinding Effect of Security Hubris on Data Privacy, said trust in companies to maintain data privacy remains “painfully low”.

The research found that when asked to agree or disagree with the statement, “I feel confident about sharing my personal data online,” 87 percent of respondents said they disagree or strongly disagree.

However, the report goes on to say that consumers aren’t doing much themselves to allay their lingering concerns. While data privacy was a top concern among respondents, users didn’t follow through with some of the more “difficult and cumbersome” cybersecurity best practices to keep their data safe.

“After analyzing responses from participants in Generation Z up to baby boomers, our findings show that perceived confidence in privacy practices is higher than reality,” read the report. “We determine this gap between perception and reality to be a result of security hubris.”

By this, Malwarebytes suggest that by implementing ‘simpler’ security measures, consumers believe themselves safe from attack— even if they’re ignoring more important measures— leaving themselves vulnerable to cybercriminals targeting subsequent blind spots.

The vast majority demonstrated a belief in good security hygiene— 93 percent used security software, for example— and many regularly run updates, verify website security before purchasing and refrain from posting personal information on social media.

But, at the same time, less than a third of consumers (32 percent) took time to read End User License Agreements (EULAs), less than half (47 percent) knew what permissions their apps have, and just 53 percent use password managers— even if the security of these tools has been thrown into the spotlight.

Other sloppy practices included using the same password across multiple platforms among 30 percent— this rises to 37 percent among millennials— meaning criminals could steal credentials from one source and use them elsewhere.

Malwarebytes surmises that the common factor between these cybersecurity missteps is that they are difficult to do correctly.

Take EULAs, for example, who could really admit they would be willing to spend time reading a page of jargon-heavy text on every website they visited? Meanwhile, passwords can be hard to remember, and if a user wants quick access to an app on-the-fly, as they’re intended, are they going to both with permissions?

“It’s an unfortunate truth that many of the privacy-invading policies that search engine and other online companies use are the same methods used by countless online companies to continue to provide free access to their content or continue their free services,” reads the report.

“In order to create […] ‘targeted’ experiences for their advertising customers, organizations compiled “profiles” on their users, identifying their interests and shopping habits. This information is then used to send specific types of ads to those users, based on surfing and search history or likes and shares.”

For the privacy-conscious consumer Malwarebytes suggests users could turn to VPN (Virtual Privacy Networks) to pipe data through a remote system; TOR (The Onion Router) which pipes a connection through multiple systems; and encrypted messaging apps which allow for full data encryption.

But, if a user can’t adopt some basic privacy principles— adopting new passwords for each platform being one— it’s unlikely these tools will be roundly taken advantage of.

So, while the privacy blame game shouldn’t land always on the online business, perhaps enterprises can do their bit by ensuring they are as secure as possible themselves and consider dropping the occasional, non-jargon-laden reminder to their users to strive for the same.