Play Live Radio
Next Up:
0:00
0:00
Available On Air Stations

Trying To Keep Your Data Safe? You're Probably Doing It Wrong

Long gone are the days when you could pass off all your computer issues to an expert – IT support or the broadband 1-800 number. Today, in this always-connected, mobile world, regular people find ourselves in a challenging situation.

On our own, we have to manage security on our devices, patch software and update passwords. And according to a new survey by Google, we're not prioritizing well.

Take a look at your smartphone or laptop. Are you one of those people who keeps hitting "ignore" or "remind me later" when you get that annoying prompt to update software?

I asked some people in Oakland, Calif., who own and rely on smartphones and other devices how they react to those prompts.

"'Ignore.' Never, 'tell me later,'" says Nolan Darby. When he's trying to read something, those reminders "just pop up. And it interrupts what I'm actually doing."

Amelia Kirby doesn't care much for the alerts to patch software, either. "My old phone, when I updated it before, I used to lose contacts," she says. "So then I think I got kind of paranoid about doing the updates."

Lisa Handley says she's not the Help Desk, and patching takes too long. "You don't want to waste the time you have on your computer doing the download."

Donald Mabrey worries sometimes that these notices to update could actually be hackers in disguise.

"I always think about that with anything on these phones these days," he says. "I'm hearing they can turn your phone on, and turn it off, they're looking at you right now, even from your smart TVs."

What The Study Shows

Google is releasing a new study today, looking at how regular, non-technical people prioritize online security, as compared to the experts. It turns out: a deep rift has formed. Yes, expert and layperson believe in a strong password. But after that, things fall apart.

Experts prioritize installation of software updates and patches at a level of 35 percent. Meanwhile only 2 percent of non-experts see this as a priority to protect their systems.

Gerhard Eschelbeck, chief of cybersecurity for Google, says, "That's a pretty stark gap."

There's a similarly stark gap when it comes to antivirus – the software that's long been hailed as the all-purpose cleaner, the rubbing alcohol of the Internet. Nearly half (42 percent) of the non­experts surveyed say products like MacAfee and Norton are key. But among the experts like Eschelbeck, just 7 percent agree. "Antivirus has absolutely its place. But it's not like the only one solution people can and should rely upon," Eschelbeck says.

That's especially true because anti-virus doesn't block the new generation of hacks and targeted attacks that we're seeing. Some security experts even say "antivirus is dead" — though Eschelbeck thinks that's an overstatement.

Fighting the Password Battle

And when it comes to passwords – making strong ones and remembering them – he says there's another gap.

"Well, the sticky note certainly hasn't worked in the past," he says. "Usually you never find the sheet of paper when you need it."

About three-quarters of experts surveyed use something you may never have heard of: a password manager. It's a tool that makes up crazy-complicated, 36-digit passwords for any site you want, and then stores each unique one in a central vault.

This might sound like a bad idea. And, irony of ironies, the popular service LastPass itself got hacked. News broke in June. (I know because I use it and had to spend an entire evening changing all my passwords.)

Still, expert Eschelbeck insists, "the password manager clearly is the least amount of risk compared to the alternatives that you have available."

Online security is not intuitive. It can even be counter-intuitive. (Why would you put all your passwords in one place? "Target" is written all over it.)

Eschelbeck says his camp, the experts, have to get better at communicating basic defense to the non-experts — who need it.

Copyright 2015 NPR. To see more, visit http://www.npr.org/.