Assurity Trusted Solutions, a wholly-owned subsidiary of the Infocomm Development Authority of Singapore (IDA), recently shared findings from their survey on Cyber Security and 2FA Awareness. You may recall some snippets of information that was published in the Straits Times about 2 weeks ago. The survey results are quite interesting in that they give us a glimpse on the online security practices and awareness of Singaporeans.
The sample size, I’m afraid, wasn’t very big. There were 346 people polled. These were people in the (I think) Raffles Place area where Assurity had a OneKey publicity event earlier this year.
Just to give you a feel of the demographics: Most respondents were relatively young, with 36.1% in the 16-25 years age band, and the percentage dropping as the age band moves upward. 58.4% were working professionals, 27.2% were students.
Interestingly, the survey paints a picture of confused people.
The survey results show that social networking (82 percent of all respondents) followed by online banking (72 percent) and online shopping (71 percent) are Singaporeans’ most popular online activities at home. The survey results also show that 60 percent of the respondents who file tax returns online never change their password; 7 percent do so quarterly as recommended. Furthermore, 59 percent of the respondents who use other government services never change their password. For users of online banking services, 10 percent of respondents change their passwords quarterly as recommended; 52 percent of respondents never change their passwords. For security traders who trade online, 54 percent of the respondents never change their passwords, only 9 percent change their passwords quarterly. 45 percent of all respondents do not have different passwords for all their online accounts. — Assurity press release on 27 July 2012
One key area of Singaporeans’ weakness is with password security. That makes 2FA all the more important.
An interesting discussion that emerged from Assurity’s sharing session was about the general IT security attitudes of Singaporeans. The survey revealed that only 69.9% of respondents knew how to check if their computer has adequate security protection. While 83.2% had an anti-virus solution installed, only 69.9% said they knew they were properly updated automatically. So there’s some knowledge gap for some users in how to get their computers properly protected.
What do users do when they need help with their computers? Do they simply find any willing “helper” to come take over their computer to fix things up for them?
The issue here is do you trust this “helper” with the security of your computer?
This is like giving someone the keys to your safe to ask them to help check if your safe is safe, but you don’t watch what they do with your safe. You’re not watching what they’re doing because you don’t understand what it is they are doing.
It’s all too easy nowadays for anyone with some skills to manipulate the computers of oblivious users.