The connected American home: a false sense of cybersecurity?

Online security is a shared responsibility, but how much responsibility is the typical American household taking for its online safety? ESET thought National Cyber Security Awareness Month (NCSAM) would be a good time to pose that question, and we used a survey to find answers, some of which may surprise you. On the one hand, close to 80 percent of American homes report feeling cyber secure, with almost half (49 percent) showing a remarkably strong sense of confidence. This may be good news for the digital economy, but other findings from this study suggest that this confidence is misplaced and there is cause for concern on several fronts.

The study, “Behind Our Digital Doors: Cybersecurity & the Connected Home,” was based on a September 2015 survey of 1,433 adults in the United States conducted by Zogby Analytics. Not surprisingly, the survey found that 97 percent of American households have at least one Internet-connected device, and two thirds of respondents reported having as many as five devices. Six or more connected devices can be found in 30 percent of homes.

These rapidly expanding home networks are cause for security concern when you look at what the survey tells us about home routers. Increasingly these devices are the heart of the home network, and routers are quickly becoming the hubs of the domestic Internet of Things. Home routers are also increasingly targeted by cybercriminals who find them valuable for a variety of nefarious purposes, from denial of service attacks to fraud (for example, the Linux/Moose worm described on We Live Security). Despite home routers’ vulnerabilities, 40 percent of households surveyed said they had not changed the default factory password on their home routers, with another 60 percent saying they hadn’t changed, or couldn’t remember changing, their router passwords in the last 12 months. These responses represent a lack of domestic security awareness that the bad guys are more than happy to exploit. A home router that still uses the default password is not just an unlocked door; it is a wide open door because automatic scans of the Internet can readily identify these devices.

Additionally, the survey indicates many families are using their Internet connections to share sensitive data, from online banking (66 percent) to taxes (30 percent) to connecting to or with work computers (51 percent). Clearly, there are strong reasons for having strong online security policies in the home, and the survey found some good news when it comes to families’ online safety habits. For example, 60 percent of households said that cyber rules are set for their homes by parents or heads of households, and 75 percent of families have had conversations with their children about using the Internet safely and securely. This is encouraging, as is the fact that 90 percent of American parents have made at least one rule about using the Internet and connected devices.

Unfortunately, while these numbers indicate we have made some important steps in the right direction, there is much more to be done. For example, nearly 60 percent of parents don’t require their children to get permission before downloading new apps or games or joining new social networks. A similar percentage allow password sharing with friends, and only 34 percent require children to provide all of their passwords to online accounts. Given that the survey found 70 percent of parents don’t limit the kind of personal information their children can share on social networks, these findings indicate a need to do more awareness raising in the home.

Consider the issue of downloading apps. Security researchers have been finding ample evidence that failure to exercise good judgment in this activity can lead to malware infection, notably on tablets and smartphones (several cases of app infection are reported here). It doesn’t sound like parents are exercising enough control in this area, possibly because they are not aware of the risks posed by behaviors like getting “free” versions of paid apps from unofficial sources, or downloading pirated content (only 30 percent of parents said their family had a rule against the latter).

Clearly, the rapid growth of desirable digital technology for the home is a challenge for many parents, and the survey suggests they could use more help from schools. Sadly, only 54 percent of households reported that their children had received instruction in school about the safe, secure or ethical use of technology. Two further findings underline the need for schools to do better. First, 16 percent of families had been notified of data breaches at school. Second, only 22 percent had heard of cyber challenges or competitions available to their children, which is perhaps unsurprising when we know that many states provide little or no computer science education.

There may still be some neighborhoods in America where people feel safe in their homes even when the doors aren’t locked, but sadly the Internet is not that type of neighborhood. These survey findings tells us that most American families have some level of security awareness and are taking steps to stay safer online, but as the size and complexity of home networks continues to grow, there is much more security education to be done, in the home, at school and in the community at large. You can find more information about promoting online safety education at home, at work and in the community at staysafeonline.org.

About the Author

Stephen Cobb has been researching information assurance and data privacy for more than 20 years, advising government agencies and some of the world’s largest companies on information security strategy. A Certified Information System Security Professional (CISSP) since 1996, Stephen is based in San Diego as part of the ESET global research team.