98% of Americans Are Failing at Cybersecurity. Seattle, Let’s Fix That.

In June, the Pew Research Center for Internet and Technology conducted a study on Americans and Digital Knowledge – and, sorry to tell you, the study uncovered some bad news. The survey of more than 4,300 people contained 10 relatively basic questions about cybersecurity issues, yet only 2% of respondents got all 10 answers correct

We’ve spoken before about how cybersecurity in Seattle is a really big issue, due to our city’s unique, high-tech population, so let’s take a few minutes in this blog to chat about what the study uncovered. 

Want to see how your cybersecurity knowledge stands right now? Feel free to take the 10-question study quiz before coming back here to read all the answers, so you can see how you stack up against the rest of America. 

Once you’ve taken that quiz, let’s go over all those questions and answers together. 

1. Where might someone encounter a phishing scam?

More than 2/3 of survey respondents answered this one correctly, so you probably know the answer as well. The correct answer was that you can be phished over email, text message, social media, and on a website. In short, always check the URL before entering in any sensitive data – and take a moment to make a quick call to the sender before releasing personal information over email, social media, or text. 

It’s also a good idea to set up email threat protection and train your staff to avoid common phishing tactics

2. What do cookies do?

Nearly 2/3 of respondents got this one right too, so you likely already know that cookies allow websites to track user visits and site activity. You may not know that cookies in things like Google ads can track your activity across multiple sites, creating an aggregate of your activity, which they use to advertise to you. 

Quick tip: if you’re looking for holiday presents on a shared computer, browse in incognito or private mode. 

Speaking of which… 

3. Why would people use private browsing mode? 

One quarter of respondents got this one right, one quarter got it wrong, and nearly 50% of people had no idea how to answer this question, so there’s a good chance your knowledge on this is a bit fuzzy as well. 

The quick explanation is that private browsing mode, or “incognito” mode, keeps your search and browsing history private from other users of the same browser. In practice, this means that if you Google “Beyoncé’s best song ever” on a computer and browser that your coworker might be using, and then, later in the day, they search for “Beatle’s best song ever,” the first “Be” they type may autofill your question in their search box and give away your secret Beyoncé obsession. 

As I mentioned earlier, private browsing mode can also help prevent your kids or spouse from figuring out your holiday gift-giving plans… but that’s about it. Private mode still leaves your search and browsing history wide open for inspection by your company’s IT admin, your ISP (like Comcast Xfinity), and the websites you visit. In other words, don’t ever use your work computer for NSFW activities. *ahem*

4. How do social media platforms make money?

This bit of trivia is pretty important for understanding the underpinnings of the internet, yet only 6 out of 10 people understand that social media platforms make their cash by directing ads toward you. Even if you hadn’t previously realized this, you’re probably not surprised… but you’ll want to be wary of all those ads. 

Over the past few years, Facebook has repeatedly been in hot water for sharing data inappropriately (here’s why that’s not okay at all) as well as for running unvetted ads, and all of that can cause danger for you and your company’s cybersecurity because fake ads can also be used to exploit your system vulnerabilities and deliver ransomware

5. Where else can you find those Facebook ads?

Look, not to bash Facebook here, but since they keep getting themselves in the news, it’s worth it to make sure you know everything you can about their ads and data-sharing practices. Specifically, it’s worth it to know what other websites Facebook owns, so you understand where else you have a good probability of finding sketchy ads and questionable data practices. 

Sadly, less than 30% of respondents understood that Facebook also owns WhatsApp and Instagram. Even if you don’t personally use Facebook, WhatsApp, or Instagram, you can bet that at least one person on your staff has visited at least one of these sites from your office computers or using your company network (probably all of your staff does so, every day). Those visits could be endangering your company if you don’t have up-to-date cybersecurity protection. 

6. What’s a privacy policy? 

Speaking of privacy, less than 50% of respondents understood what a privacy policy was, and 25% of people thought that privacy policies adhered to federal guidelines or limited the collection and sharing of users’ personal data. (If only!) 

I wish privacy policies had some sort of guidelines or helpful practices in place (it would make my job easier), but unfortunately, that isn’t the case. Instead, a privacy policy simply establishes a contract between you (the site visitor) and the company (the site controller), which outlines how they’ll use your data. 

It’s not practical for me to suggest you read every privacy policy for every site you visit, ever. However, it certainly is worth it for you to understand that a privacy policy could totally state that the site is welcome to use and sell your data any way they want to, to anyone they want to, for any reason – and that you agree to that just by your simple action of being on the site. Makes you think, huh? 

7. What does that “https://” mean in your URL? 

Only 30% of respondents understood that “HTTPS” (the S is what matters there) in the address bar means that information entered into the site is encrypted. When your data is encrypted over HTTPS, it means you shouldn’t be in danger of a “man in the middle attack,” which is when an attacker sets up a system in which they can see what data you enter into a site, such as login credentials. However, don’t make the mistake of thinking that HTTPS means the site is safe

A few years ago, cybersecurity professionals would recommend that people verify that the site they were visiting was secure by looking for an “HTTPS” or a little lock symbol in their address bar, but that advice is out of date. Many phishers now use HTTPS sites themselves. 

To stay safe these days, check the full URL address before entering in any sensitive data, use complex and unique passwords for every internet account you hold, and change your passwords often.  

Oh, and use two-factor authentication too.

8. What does two-factor authentication (2FA) look like? 

This is big, so listen up. A whopping 55% of respondents answered this question completely incorrectly, which means they’re not using one of the top free cybersecurity tools the internet offers

We’ve talked about two-factor authentication (2FA) and multi-factor authentication (MFA) before on this blog, so you already know that it adds an additional layer of security to your logins by requiring that you not only know a password, but that you also have a verified thing that can be used to further verify your identity. In most cases, that thing is a phone because the website sends you a text-message code to confirm your login, but you could also use a USB key or a fingerprint as your secondary form of ID. 

Here’s what a two-factor login screen typically looks like

It’s a good idea to set up 2FA whenever a site offers you the opportunity. Sure, it’ll take you an extra second to log in because you’ll have to enter a code from your phone, but it’ll really help with your cybersecurity efforts. That’s worth just a tad bit of inconvenience, right? 

9. What’s net neutrality?

Everyone seems to have an opinion on net neutrality, yet less than 50% of survey respondents know what it is (sigh). Though 12% of respondents thought net neutrality had something to do with equal opportunity, fair and unbiased political representation, or censorship; it’s none of those. 

In fact, net neutrality simply means that ISPs (like Comcast Xfinity or CenturyLink) must treat all traffic on their networks equally. In other words, no one can pay more to “cut to the front of the line” for data downloads, HD video streaming, or general internet speed. In a non-net-neutrality world, people with less money may have to spend more time waiting for sites and videos to load. 

10. Who is Jack Dorsey? 

If you were among the 84% of people who didn’t know how to answer this, don’t worry. It was a strange question. Jack Dorsey is the co-founder and CEO of Twitter, as well as the founder and CEO of Square (the popular payment company that makes almost everyone’s mobile point of sale systems). 

Perhaps the Pew Research Center folks were making a point about how most people can’t recognize the guy who controls the other massive social media platform as well as a huge amount of our credit card transactions… but whatever. Dorsey also changes his facial hair a lot, unlike Zuckerberg who always looks exactly the same

How Do Your Cybersecurity Skills Stack Up? 

Whether or not you aced the Digital Knowledge quiz, you already understand the importance of effective network security for your business – and you know that effective network security starts when you work with the right team that keeps your company’s data and devices secure. 

Interplay is one of Seattle’s longest-standing cybersecurity and network security experts and one of the city’s only true Managed Services Providers (MSPs). Over the nearly 20 years we’ve been in business, we’ve protected our clients from literally thousands of threats, including ransomware, phishing, and malicious hacking. 


Not sure if your company is protected from the wide variety of cybersecurity threats out there? Find out when you request your free vulnerability scan from Interplay.