On Cybersecurity, Clients Have a Lot to Learn

Too few clients can correctly identify a phishing attack.

Your clients are getting the message that they need secure passwords and that public Wi-Fi isn’t ideal for checking their bank accounts, but they aren’t so clear about other cybersecurity principles, according to a study released Wednesday by Pew Research Center.

The survey, conducted in June among over 1,000 American adults, found that “a substantial majority” of internet users could only answer two out of 13 cybersecurity questions correctly.


They know that passwords with a mix of capital and lowercase letters, numbers and special characters are more secure (the survey didn’t ask if they themselves are using a password like that, but three-quarters of respondents correctly picked the most secure password from a list).

They also know that just because they have to ask the barista for the Wi-Fi password doesn’t mean the network is safe.

More technical questions were worryingly, if understandably, confusing to respondents. For example, fewer than half knew email and Wi-Fi networks aren’t encrypted by default, and just a third knew that the S in “https” means the information they enter on a website is encrypted. A virtual private network was almost completely foreign to respondents; just 13% knew the benefit of a VPN.

However, some cybersecurity issues that consumers should be familiar with were apparently confusing. Just 54% were able to identify a phishing attack out of several examples. Almost a quarter admitted they weren’t sure which of the examples they were given was a phishing attack.

There’s a clear opportunity for advisors to help their clients with cybersecurity issues. Although few of the questions on the survey were correctly answered by a majority of respondents, respondents recognized that they didn’t know about these issues and answered “not sure” instead of answering incorrectly — with one notable exception.

Consumers have the wrong idea about multi-factor authentication. Only 10% of respondents could correctly identify an example of multi-factor authentication from a set of screenshots. Over 70% answered incorrectly.

Pew did find a slight correlation between age and answering correctly, but not much. On average, respondents between ages 18 and 49 answered six of 13 questions correctly, while those over age 50 answered five correctly.

“Indeed, on a number of these questions internet users age 65 and older are just as knowledgeable as those ages 18 to 29,” according to the report. The oldest and youngest respondents were equally likely to correctly identify a phishing attack, to understand the benefits of a VPN or know what ransomware is, and to identify the most secure password.

The oldest respondents were less likely to know that private browsing mode doesn’t stop their internet providers from monitoring their activity, or that turning off the GPS on their phone doesn’t stop all tracking. There was also a significant gap between older and younger respondents who correctly recognized multi-factor authentication.

The report is based on data collected last summer, but Pew has a short quiz based on the questions that were asked.
