Americans Confident in IoT Device Security
New research by the National Cyber Security Alliance has found that the majority of Americans are highly confident in the security of their connected devices despite neglecting to practice basic security hygiene.
The NCSA today released a new report detailing how consumers protect themselves and their data when using IoT devices. The report was based on a survey of 1,000 Americans conducted in September 2020, half of whom were aged 18 to 34, and half of whom were aged 50 to 75.
Compiled as part of Cybersecurity Awareness Month, the report found that 77% of consumers aged 50 to 75 and 81% of consumers aged 18 to 34 feel "moderately to highly confident" that the connected devices they own are sufficiently secure.
Their confidence could be misplaced since more than a third (36%) of Americans in the more mature age category rarely or never check for software updates to their connected devices, while 54% of younger consumers admitted frequently connecting their devices to unprotected WiFi networks to access company servers, banking information, and email.
Furthermore, half of respondents aged 18 to 34 sometimes or never deactivate unnecessary manufacturer features such as location tracking and data sharing in newly purchased connected devices. In addition, 44% of this younger demographic always allow push notifications from apps that include requests to access location or contact data.
“There’s a disconnect between how secure consumers think their connected devices are and the security hygiene behaviors we’ve tracked,” said Kelvin Coleman, executive director, NCSA.
“Although the majority of respondents understand very basic data protection measures, like the importance of multi-factor authentication and updating default password settings on new devices, there’s still a lot of work to do in building awareness to narrow the vulnerability gap among all users.”
Respondents aged 50 to 75 were more apprehensive about using their connected devices in ways that could compromise their personally identifiable information (PII). Nearly half (42%) never use public WiFi with their connected devices to access work data, banking info, or email, and only 23% were comfortable storing backup data in the cloud.
"Given how well-documented threats stemming from these practices have become, the decision to avoid these behaviors is sensible,” commented Coleman.