The National Cyber Security Alliance (NCSA), the Nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness, released a new survey report detailing how consumers protect themselves and their data when using connected devices. NCSA’s study, compiled as part of Cybersecurity Awareness Month, surveyed 1,000 U.S. respondents in two age groups (500 ages 18-34; 500 ages 50-75) about perception and behavior around connected device security. The study was conducted from September 9, 2020 to September 16, 2020. Below are the key findings.

Consumers confident their devices are safe, but security practices indicate otherwise

According to NCSA’s study, 77% of consumers ages 50-75 feel moderately to highly confident that the connected devices they own are sufficiently secure. Eighty-one percent of consumers ages 18-34 feel the same way. Both segments’ security hygiene practices, however, offer a competing narrative. For example:

  • More than one-third (36%) of Americans ages 50-75 rarely or never check for software updates to their connected devices
  • 54% of consumers ages 18-34 frequently connect devices to unprotected WiFi networks to access company servers, banking information and email
  • 50% of respondents ages 18-34 sometimes or never deactivate unnecessary manufacturer features such as location tracking and data sharing in newly purchased connected devices; moreover, 44% of this demographic always accepts push notifications from apps, such as requests to access location or contact data

“There’s a disconnect between how secure consumers think their connected devices are and the security hygiene behaviors we’ve tracked,” says Kelvin Coleman, executive director, NCSA. “Although the majority of respondents understand very basic data protection measures, like the importance of multi-factor authentication and updating default password settings on new devices, there’s still a lot of work to do in building awareness to narrow the vulnerability gap among all users.”

Older users are averse to risk of compromising personal data versus younger counterparts

NCSA’s report shows that users ages 50-75 are much more apprehensive about using their connected devices in ways that can compromise their personally identifiable information (PII). The following stats paint a clearer picture of this trend:

  • 42% of respondents ages 50-75 never use public WiFi with their connected devices to access work data, banking info or email
  • 68% of users 50-75 will only download apps from trusted sources and only 23% are very comfortable using cloud storage to back up data

“Older respondents are more calculated when it comes to taking risks associated with using connected devices, choosing to stay away from public WiFi when accessing sensitive personal information, downloading apps solely from trusted sources, and largely shying away from cloud storage solutions. Given how well documented threats stemming from these practices have become, the decision to avoid these behaviors are sensible,” adds Coleman.

Fewer older employees felt prepared by IT teams to work from home (WFH); they also outpaced younger workers in enacting the most basic device security protection measures

Compared with their younger counterparts, fewer older respondents felt that their companies had prepared them well for the transition to a fully remote environment. When asked about personal WFH security precautions, respondents aged 50-75 were more vigilant when it came to the basics like regularly updating antivirus and firewall software. According to the statistics:

  • 64% of remote workers ages 50-75 felt partially or very prepared by company IT policies to switch to a WFH arrangement; 83% of those ages 18-34 felt the same
  • 49% of employees ages 50-75 ensure better WFH security by regularly updating antivirus, anti-malware and firewall software on their devices; only 33% of younger workers did the same

Remote workers ages 18-34, however, took a more high-tech approach toward WFH security, choosing to prioritize use of Virtual Private Networks (60%) and multi-factor authentication (46%) for all devices on their networks.

“The shift to remote work took most organizations by surprise. The majority overlooked the importance of an effective remote security policy, leaving it to employees to figure out,” says Coleman. “Although both sets of respondents have different, yet effective, device security methods, there are still gaps that can compromise data security. Organizations must ensure that new policies are also coupled with comprehensive employee training to minimize human error and risks to company data in the long run.”

To read the entire study, visit NCSA.