Security Experts Versus the Layperson
If you are like most technology professionals, family and friends come to you for advice on anything tangentially related to technology. On Thursday, Google published a blog post citing research that compared the online security practices of security professionals with those of laypeople. The infographic below summarizes the results. The top five security practices used by security experts are:
- Install Software Updates
- Use Unique Passwords
- Use Two-Factor Authentication
- Use Strong Passwords
- Use A Password Manager
If we could add one more: don't install (or uninstall) software with a poor security track record. That's right, I'm looking at you, Adobe and Oracle. Recently there have been calls to kill Adobe Flash Player. In truth, most security professionals I know stopped using Adobe Flash, client-side Java, and Acrobat years ago with almost no impact.
What about enterprise applicability? Every security person I talked to nodded and smiled about how close to home the study hit, and, when asked, almost without exception they admitted that their personal security hygiene far exceeded their organization's practices. How many security organizations have policies enforcing unique passwords for enterprise applications? By a show of hands, how many have site licenses for password managers? While federated identity solutions may enforce two of the top three best practices, it's rare to see full coverage of every application.
The takeaway: let's practice what we preach and get all five of the "security expert" best practices codified in organizational policy.
Oh, and Flash must die!
GRC Consultant at Saiyan Cybersecurity (10y):
Java?

CISO @ Datadog (10y):
It's also pretty sad when one of the biggest security tools uses Flash for their UI :(