Webroot Research: One Year Later, Social Networkers Are Savvier About Keeping Information Private, But Still Take Risks
Second Annual Survey Shows 37 Percent More Users Block Strangers From Viewing Their Profiles Through A Google Search, Yet 81 Percent Allow Anyone on Their Network to See Their Recent Activity
Boulder, Colo., March 30, 2010
As the amount of activity on social networks continues to grow, more members are taking steps to protect their privacy but opportunities abound for security risks, according to new research commissioned by Webroot, a leading provider of Internet security software for the consumer, enterprise and SMB markets.
Webroot’s second annual study surveyed more than 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other popular social networks. The survey showed an increasing awareness among social network users of how to keep personal information private. At the same time, it revealed how social network users still put their identities and sensitive information at risk. Among the findings:
- More users are practicing certain safe behaviors, including blocking their profiles from being visible through public search engines – a 37 percent increase over last year.
- Yet more than a quarter of respondents have never changed their default privacy settings.
- And more than three quarters place no restrictions on who can see their recent activity.
Social networks are a growing Web destination – and a growing target for cybercriminals Facebook membership grew to more than 400 million active users, a 229 percent jump over the previous year . For the week ending March 13, Facebook surpassed Google in the United States to become the most visited Web site for the week . And earlier this month, Twitter reported a 1,500 percent growth in the number of new registered users in the course of a year.
“A perfect storm is developing between the number of people flocking to social networks and the new, increasingly sophisticated malware attacks cybercriminals are launching to prey on the personal data they’re sharing,” said Jeff Horne, director of Threat Research at Webroot. “For example, our team has noted over 100 different variations of Koobface, a worm known to trick people into clicking links they shouldn’t in order to infect their PC’s and often convince them to provide credit card numbers to buy phony antivirus products, among other fraudulent activities.”
In addition, Webroot has seen a rise in spam on social networks, which commonly contains links to malicious Web site links: The Webroot survey showed a 23 percent increase in spam received on social networks since last year.
Summary of Key Findings
Social network users are sharing information that could help hackers breach their profiles, their wallets and possibly their homes:
- Sixty-one percent include their birthday
- Fifty-two percent include their hometown
- Seventeen percent make their cell phone available.
- More than three quarters (77 percent) don’t restrict who can access their photo albums.
- Eighty-one percent don’t place any restrictions on who can see their recent activity, including updates generated by geo-location-based tools that report where their users are visiting.
Younger users (ages 18-29) are the least likely to take steps to safeguard their information.
- Forty-three percent of young users use the same password across multiple sites compared to 32 percent overall.
- Forty percent of younger users say they accept friend requests from strangers while only 29 percent of total users have.
- And while 69 percent of the general population has clicked on a link sent or posted by a friend, 77 percent of younger users have done so.
Privacy settings continue to be underutilized.
- Twenty-eight percent of users report they’ve never changed their default privacy settings.
- Seventy-three percent were aware of Facebook’s December 2009 privacy changes which automatically exposed their full profiles by default.
- But 42 percent report they haven’t made changes to their settings since the switch.
But modest gains are being made toward safeguarding personal information on social networks.
- Twenty-seven percent of users now restrict who can find their profile through a public search engine, up from 20 percent last year.
- Sixty-seven percent now use different passwords for each of their social networks, up from 64 percent last year.
- Forty-seven percent know who can see their profile, up from 41 percent last year.
What Can Users Do?
“Consumers need to better protect themselves by guarding their profiles and setting stricter privacy policies – especially given the growing popularity in location-based social media tools that broadcast where you are. It’s also important to make sure your computer has an added layer of security to stop attacks before they happen,” continued Horne.
To help consumers understand and protect themselves from these types of attacks, Webroot has provided the following tips as a guideline for safer social networking:
- Make personal information private—Protect yourself by updating privacy settings on your profile to restrict or omit access to any personal data. Users of popular geo-location services that allow you to share where you are should be especially careful to not disclose your location to the wrong people.
- Read between the lines—Familiarize yourself with the social networks’ privacy options to ensure you’re taking advantage of any enhanced security features.
- Be exclusive—Only accept friend requests, emails and site links from people you know and even then, be selective about what you open. Accepting items from sources you do not know could expose you to malicious malware.
- Protect the password—As a critical line of defense, it is more important than ever for members to choose their passwords wisely, and make them different from one site to the next. Incorporating numbers, letters and special characters like !, $, and * into your password makes it stronger. Webroot also recommends changing your password at regular intervals, and never use the same password at more than one site.
- Suite Security— Protect your PC with an Internet security suite that includes antivirus, antispyware, and firewall technologies.
- Always automate software updates—If you’re already using antimalware software, be sure to install updates which include the latest malware definitions. Do the same with updates to your operating system, Internet browser and other key applications. However, watch out for fake software updates like emails that purport to be from Microsoft which require you click on a link to update Windows. Toggle the automatic updates setting within Windows.
Webroot offers several comprehensive Internet security solutions for consumers including Webroot® AntiVirus with Spy Sweeper®, and Webroot Internet Security Essentials. For more information about these and other products, please visit http://www.webroot.com/En_US/consumer.html.About the Research
Between February and March 2010, Webroot sponsored an online survey of Internet users in the United States and the United Kingdom. The panel management company e-Rewards invited panel members who own a PC or laptop, have an Internet connection at home, and spend at least one hour per week online at home to participate in the study. With a total of 1,136 respondents, the margin of error is ±2.9 percentage points at the 95 percent confidence level.
Webroot is bringing the power of software-as-a-service (SaaS) to Internet security with its suite of Webroot® SecureAnywhere™ offerings for consumers and businesses. Webroot also offers security intelligence solutions to organizations focused on cyber-security, such as Palo Alto Networks, F5, Corero, Juniper, and others. Founded in 1997 and headquartered in Colorado, Webroot is the largest privately held Internet security organization based in the United States. For more information, visit http://www.webroot.com or call 800.772.9383. Read the Webroot Threat Blog: http://blog.webroot.com. Follow Webroot on Twitter: http://twitter.com/webroot.
©2013 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, and Webroot SecureAnywhere are trademarks or registered trademarks of Webroot Inc. in the United States and other countries.