Welcome to our second edition of “Data Privacy Diaries,” a series where we dissect the recent Entrust survey of 1,000 consumers from the U.S. and U.K. about data privacy.
Today’s post is connected to Safer Internet Day — an initiative that challenges internet stakeholders to come together and make the web a safer and better place for all users. As the awareness campaign celebrates its 18th year today, we want to bring attention to this year’s theme: “Together for a better internet.”
Our data revealed a few areas where both consumers and businesses can work toward a safer internet.
Concerns unmet with mindfulness
Seventy-nine percent of consumers we surveyed said they’re concerned about their data privacy, and 64% said their concern has grown in the past year. However, just because consumers are concerned doesn’t mean they’re practicing the safest online behaviors.
When asked if they carefully review terms and conditions, 43% of respondents said they do not, with 69% saying it takes too much time. The issue of time is a longstanding problem with reading terms and conditions — one analysis found that it would take you 76 business days to read all the privacy policies you encounter online. But 23% of respondents also said that they don’t think terms and conditions affect them, and 28% said they don’t understand what terms and conditions explain — two concerning viewpoints.
Respondents were also very willing to use sensitive information on their smart devices. The vast majority (83%) said they’re comfortable using or storing biometric data on apps and services. Additionally, 68% said they’re likely to store payment details on their smart devices for payment and banking apps. But with less than half of respondents knowing about security tools like anti-virus/anti-malware (44%), multi-factor authentication (43%) and encryption (33%), they may not be effectively protecting this sensitive information.
A challenge of responsibility to businesses
Established global brands have their work cut out in earning consumer trust on data privacy. Only 21% of respondents said they trust established global brands to keep their personal data secure.
But consumers are also challenging companies to be more transparent about their data privacy practices. On a list of 10 education sources for personal data protection, companies that make the apps and products consumers use were ranked the fourth most trustworthy. However, these companies were only the eighth most used source for data privacy education, indicating that businesses may need to strengthen their conversation about data privacy.
As 2020 brings another slew of major data breaches, consumers clearly don’t trust global brands. And even though most businesses don’t act maliciously when responding to data breaches, the same can’t be said for others.
In 2016, Uber covered up a breach that exposed tens of millions of customer and driver records. And a 2019 survey found that 71% of U.K. C-suite leaders would cover up a data breach if it meant escaping fines. With business leaders showing they’re actually willing to cover up a breach, consumers are right to be critical.
What consumers and businesses can do for a better internet
The Entrust survey found some consumer data privacy practices to be questionable and showed that respondents are critical of global brands, indicating things can still improve. We want our findings to serve as a benchmark and motivation for consumers and business to make the internet safer.
What consumers can do to be safer and secure
To be clear, we’re not asking you to take 76 days to read all the terms and conditions agreements you encounter. However, we do have a few recommendations on how you can keep your online privacy secure:
- Practice good password hygiene: Most people use the same password for all their online accounts — but you shouldn’t. Be proactive about password protection by changing up your password regularly and making each of your passwords unique. Also consider enabling advanced authentication, such as multi-factor authentication (i.e., receiving a special code on your smartphone to use in addition to your password).
- Encrypt your devices: Encryption was the technology survey respondents knew the least about — and that needs to change. Encryption makes data unreadable to anyone other than those holding the encryption key. The Federal Trade Commission has a great page describing how to protect your personal data with encryption. Ensure your banking apps use encryption to protect personal banking information, as outlined by this Bank of America FAQ page. Entrust also has a blog that discusses how you can send an encrypted email for sensitive information.
- Shop safely with vigilance: With 75% of people shopping online once a month, we want to call out some safe shopping tips. Double-check emails or links that may offer a deal too good to be true. If someone sends you a message to act quickly and make a purchase, there’s a good chance it’s a fraudulent scam. If you combine vigilance with good password hygiene and encryption, you’re setting yourself up for better protection than most.
How businesses can up their data privacy game
Data privacy is becoming more prevalent for businesses everywhere. But there are few steps organizations can take toward better data privacy practices:
- Outline your data protection strategy to customers: Be upfront and clear about your data privacy practices with your customers. Our data showed that consumers are looking to companies to show them how their information is secure and how they can protect personal data themselves. Embrace that role.
- If a breach occurs, be transparent: This tip seems obvious, but as we noted before, not all companies practice it. Forty-six percent of respondents said it’s on organizations to inform them when a breach happens. Hold up your end of the deal by being honest and offering a solution to customers if a breach occurs.
- Deploy multi-factor authentication (MFA): Apply two or more authenticators to keep workforce identities secure and help prevent potential breaches. For consumers, consider low friction MFA like mobile push notifications or smartphone biometric reading.
- Adopt adaptive risk-based authentication: Leverage an added authentication challenge when warranted. Instances when a user logs in from a new device for the first time, signs on at an abnormal time of the day or logs in from a different geolocation are all suitable examples.
- Go passwordless: We’re telling consumers to practice good password hygiene, use encryption and be vigilant. However, people still make mistakes, which is why eliminating passwords entirely is an even better option altogether. Removing the password effectively stops all password-based attacks. Credential-based password authentication provides substantial protection to keep workforce identities secure. Consumer friendly options for going passwordless include mobile push notifications and FIDO tokens.
A safer internet begins with consumers and businesses being more mindful. We couldn’t agree more with Safer Internet Day’s theme of “Together for a better internet.” Ensuring protection on an individual and business level makes for a safer web environment. And while we still have much to improve when it comes to data privacy, today is a reminder that a better internet is possible.
Keep an eye out for our next edition of #DataPrivacyDiaries.