Reading Time: ~5 min.

Like many Americans, you might think your online habits are
safe enough—or, at least, not so risky as to put you in danger for cybercrime.
As it happens, most of us in the U.S. are nowhere near as secure as we think we

We partnered with Wakefield Research to survey 10,000
Americans, ages 18 and up, with 200 interviews in each of the 50 states to
better understand people’s attitudes, perspectives, and behaviors relating to online
cyber-safety (or “cyber-hygiene”). Using the responses, we calculated each
state’s cyber-hygiene score, which you can think of like a test score on
people’s understanding and practice of good online habits. I’ve repaired
computers and worked in the cybersecurity business for almost 15 years now, and
I was shocked by some of the results.

Cut to the chase: just how bad were the results?

Bad. The average across all 50 states was only 60% (that’s a
D in letter grades) on our scale. In fact, only 10% of Americans got a 90% or
higher (i.e. an A). The riskiest states—Mississippi, Louisiana, California,
Alaska, and Connecticut— combined for an average score of 56%. So what made
their scores so low?

  • In Mississippi, almost 1 in 4 people don’t use
    any kind of antivirus and don’t know if they’ve ever been infected by malware.
  • Only 44% of Louisiana residents take any
    precautions before clicking links in emails leaving themselves vulnerable. (This
    is a great way to get scammed by a
    phishing email and end up with a nasty infection on your computer.)
  • Over 43% of Californians and Alaskans share
    their passwords with friends or family.

How did we come up with these scores?

Here’s our methodology for deriving each state’s
cyber-hygiene score. We grouped our questions into 10 categories and used a
pass/fail grade for the answers.

  1. Do they back up their data?
  2. Have they lost a device without recovering/locking
    it, or given a device away without wiping it?
  3. Have they had their identity stolen?
  4. Have they been impacted by malware?
  5. Have they fallen for phishing attempts?
  6. Do they use antivirus software?
  7. Do they share passwords with others?
  8. Do they reuse passwords across multiple accounts?
  9. Do they keep their social media profiles public?
  10. Do
    they practice good online behavior?

What does people’s perception vs. reality look like?

Americans in every state were overconfident. 88% feel they
take the right steps to protect themselves. But remember, only 10% of people
scored an A on our test, and the highest scoring state (New Hampshire) still
only got an average of 65% (that’s still only a D).

While the average American has a surface level understanding
of common cyber threats, there’s a lot of room for education. 79% of people have
heard of malware, but only 28% felt confident they could explain what it was.
70% have heard of phishing, but only 33% could explain it. 49% of Americans
have heard of ransomware, but only 21% could describe what it is. 64% of
Americans don’t keep their social media accounts private and their posts are
searchable from the internet. 63% of Americans reuse their passwords across
multiple accounts.

Given the number of news reports involving major companies
getting breached, huge worldwide ransomware attacks, etc., we were pretty
surprised by these numbers. As you’re reading these, you might be checking off
a mental list of all the things you do and don’t know, the actions you do and
don’t take. What’s important here is that this report should act as a reminder
that understanding what kinds of threats are out there will help you take the
proper precautions. And, following a few simple steps can make a huge
difference in your online safety.

How about some good news?

There is good news. There are some who scored a 90% or above
on our test. We call them Cyber-Hygiene Superstars, because they not only take
all the basic steps to protect themselves and their data online, but they go
above and beyond. Cyber-Hygiene Superstars are evenly spread across the
entirety of the U.S., and they help demonstrate to the rest of us that it’s easy
to raise our own cyber-hygiene scores.  

Some of the standout behavior of superstars:

  • They regularly backup their data in multiple
  • They always run antivirus.
  • They keep their software and operating systems
    up to date.
  • They use a VPN when connecting to public WiFi
  • They take precautions when clicking links in
  • They don’t share passwords.

Superstars can also explain common attacks and are less
likely to fall victim of phishing attacks and identity theft. They frequently monitor
their bank and credit card statements and regularly check their credit scores.

What can you do to improve your cyber-hygiene score?

All in all, it’d be pretty easy for the average American to
take their score from a D to at least a B, if not higher. You won’t have to do
anything drastic. But just making a few small tweaks to your regular online
behavior could work wonders to keep you and your family safe from cybercrime.

  1. Use
    antivirus/antimalware software.

    There are a lot of free solutions out there. While you typically get what you
    pay for in terms of internet security, even a free solution is better than no
    protection at all.
  2. Keep all
    your software and your operating system up to date.

    This one’s super easy. Most applications and operating systems will tell you
    when they need an update. All you have to do is click OK instead of delaying
    the update to a later date.
  3. Don’t
    share or reuse passwords, and make sure to use strong ones.

    You might think password sharing is no big deal, especially when it comes to
    streaming or gaming sites, but the more you share, the more likely it is that
    your passwords could end up being misused. And if the password to just one of
    your accounts is compromised, then any of your other accounts that use that
    password could also become compromised. If you’re concerned about having to
    create and remember a lot of unique passwords, use a secure
    password manager.
  4. Lock down
    your social media profiles.

    Making your posts and personal details public and searchable means scammers can
    find your details and increase their chances of successfully stealing your
    identity or tricking you into handing over money or sensitive personal
  5. If you
    connect to public WiFi, use a VPN.

    Antivirus software protects the device, but a VPN
    protects your actual connection
    to the internet, so what you do and
    information you send online stays private.
  6. Back up your data.
    Cloud storage is a great solution. But it’s a good idea to do a regular
    physical backup to an external drive, too, particularly for important files
    like tax documents.
  7. Don’t
    enable macros in Microsoft® Office documents.

    If you’re ever trying to open a document and it tells you to enable macros,
    don’t do it. This is a common tactic for infections.
  8. Use
    caution when opening email attachments.

    Only open attachments from people you know and trust, and, even then, be extra
    careful. If you’re really not sure, call the person and confirm that they
    really sent the file.

Want to see where your state ranks? See the full list.

Test your knowledge and see where the Webroot Community stacks up against the rest of America: Join our daily contest for a chance to win prizes! Contest ends at 4:00pm MT on May 21, 2019.

The post A False Sense of Cybersecurity: The Riskiest States in America appeared first on Webroot Blog.