Webroot: Widespread Lack of Cybersecurity Best Practices

By | Managed Services News

Apr 08

Few Americans practice all key benchmark metrics to protect themselves from cyberattacks.

A new list of most and least cyber secure U.S. states shows a disturbing lack of cybersecurity best practices.

According to Webroot‘s fourth annual ranking, New York, California, Texas, Alabama and Arkansas are the least cyber secure states in the country, while Nebraska, New Hampshire, Wyoming, Oregon and New Jersey are the most cyber secure.

Tyler Moffitt, Webroot security analyst, tells us none of the states had an average score greater than 67%. Also, there is very little difference between the most secure and least secure states, he said.

No state scored a “C” grade or higher. That underlines a lack of cybersecurity education and hygiene nationally.

Webroot's Tyler Moffitt

Webroot’s Tyler Moffitt

“However, the most cyber secure state (Nebraska at 67%) did score substantially better than the least (New York at 52%). This score was calculated through a variety of action- and knowledge-based variables, including residents’ use of antivirus software, use of personal devices for work, use of default security settings, use of encrypted data backups, password sharing and reuse, social media account privacy, and understanding of key cybersecurity concepts like malware and phishing,” Moffitt said.

Webroot says almost all Americans claim they take steps to protect themselves online, but there’s little to support this claim. For example, few practice all key benchmark metrics (using antivirus software, backing up data and keeping social media profiles private) to protect themselves from cyberattacks.

Most Americans are familiar with malware and phishing scams, but only one third feel confident they can explain what they are.

Our Security Shortcomings

Some 83% of Americans use antivirus software and 80% regularly back up their data; however, only one half know if their backup is encrypted, and only 18% back up their data online and offline.

Also, nearly half of Americans use the same password across multiple accounts. Only 37% keep their social media accounts private.

“The results are particularly unsettling given the pandemic,” Moffitt said. “It’s even more important for employees to follow cybersecurity best practices while working from home as they’re under less strict supervision by IT while cybercriminals can still gain access to company networks and data. Also, with everyone now forced to work from home, we’re seeing spikes in the attack surface of unsecured remote desktop (RDP) machines.”

More than half of Americans routinely use their employer-provided work device for personal use, according to Webroot. Almost one half have never looked into the security of these devices. Just a third have taken any steps to improve its security.

One silver lining is our improving vigilance with data backups, Moffitt said. One half (50%) report storing their data encrypted in the cloud, up from just 43% last year.

About the Author

>