The Pew Research Center conducted a survey to discover what Americans know about personal cybersecurity. The results are troubling. Most people know very little which makes them vulnerable when they go online.

The Pew survey was designed to paint a broad picture of general knowledge about cybersecurity but it is also an excellent tool for discovering possible weak points in your own internet protection. If you take the survey, the questions you don’t answer correctly tell you what you need to learn to increase your online safety.

Pew’s survey was composed of 13 multiple choice questions. The online version only has 10. You can find the three missing questions and a link to the online survey here. Take the survey, answer the three missing questions, and note the ones you didn’t get right. Armed with this insight, return here and use the information and the links presented below to turn your security weaknesses into strengths.

The survey results are based on a weighted, nationally-representative sample of internet users 18 years of age and older. In general, age made little difference in cybersecurity knowledge. People aged 18 to 49 averaged six correct answers (out of 13) while those aged 50 to 65+ averaged five. Cybersecurity knowledge generally increased with education.

Only four questions were answered correctly by more than 50% of the respondents and only 1% of the respondents got all the answers right. For most questions, more people indicated they were unsure of the answer than gave the wrong answer.

The Pew survey included a question about consumers access to their credit reports which is not germane to internet security. Here are the security topics covered in the remaining 12 questions along with a brief explanation of each, a link to further information, and a breakdown of the answers given by the survey respondents.

Multi-factor authentication
The survey asked people to identify which among four images was an example of a multi-factor authentication screen. Ten percent got it right, 71% got it wrong and 18% weren’t sure.

Multi-factor authentication requires the user to provide two or more keys to unlock access to a website. One key is usually the user’s password. A commonly used second key is a security code that is sent to the user in a text message or email. TechTarget has a good introduction to multi-factor authentication.

Virtual private networks
The survey asked “What kind of cybersecurity risks can be minimized by using a Virtual Private Network (VPN)?” Thirteen percent got it right, 16% got it wrong and 70% weren’t sure.

A VPN acts as a connection between the user’s computer, smartphone or tablet and the internet. All the information passing between the user and the net is encrypted and the user’s identity and browsing history is hidden from both websites and the user’s ISP. How-To Geek has a good general introduction to VPNs and WiTopia has a list of the reasons why you might find a VPN useful.

Botnets
The survey asked “A group of computers that is networked together and used by hackers to steal information is called a….” The correct answer is botnet. Sixteen percent got it right, 10% got it wrong and 73% weren’t sure.

Botnets hide on your computer and hijack it to perform distributed denial-of-service attacks. The attack that took down the internet for much of the US and Europe last October was carried out with a botnet hidden on Internet-of-Things devices like routers and webcams. How-To Geek has a good general introduction to botnets.

https://
The survey asked “What does the “https://” at the beginning of a URL denote, as opposed to http:// (without the “s”)?” Thirty-three percent got it right, 12% got it wrong and 54% weren’t sure.

The “s” in https:// means that communication between the user and the website is encrypted using a form of encryption called SSL (Secure Socket Layer). If someone intercepts information you enter on a website, such as your credit card number, they will not be able to read it. ITProPortal has a good explanation of how https:// works that’s written for non-technical readers.

Private browsing
The survey asked “Can internet service providers see the online activities of their subscribers when those subscribers are using private browsing” such as Chrome’s Incognito function? Thirty-nine percent got it right, 12% got it wrong and 49% weren’t sure.

Yes, they can. Note that yesterday the US House of Representatives passed a resolution that allows ISPs to sell a user’s browsing history to anyone who wants to buy it without the user’s knowledge or permission. The Senate had already passed the resolution and the Trump administration has signaled that they’re eager to sign it. If you privately browse websites you don’t want anyone to know about, you might want to consider a VPN. Mashable has a good article on how private browsing works.

Encryption on WiFi routers
The survey asked, true or false, “All Wi-Fi traffic is encrypted by default on all wireless routers.” Forty-five percent got it right, 11% got it wrong and 44% weren’t sure.

The correct answer is “False”. Lifewire has a good introduction to WiFi encryption and general WiFi security.

Email encryption
The survey asked, true or false, “All email is encrypted by default.” Forty-six percent got it right, 10% got it wrong and 43% weren’t sure.

Again, the correct answer is “False”. Email encryption is valuable but it can be difficult to set up and inconvenient to use. Digital Guardian provides a basic introduction and CompariTech gives you a more technical tutorial on how to set up email encryption for a variety of email applications.

Cyber criminals look at the results of the Pew survey and rub their hands with glee. What they see is a country where most of the people who use the internet (which is almost everyone) doesn’t know what they need to know to keep themselves safe online. In other words, they see a country of low-hanging fruit that are ripe for picking. Don’t be a fruit. Take the Pew survey, identify the gaps in your security knowledge, and use this insight to turn your weaknesses into strengths.

Read the complete story at: