More playing it safe online, but bad habits need to be curbed

SINGAPORE – While more people are practising good cybersecurity, such as adopting Two-Factor Authentication (2FA) and scanning files for viruses, bad habits for password management still persist, according to a 2017 survey conducted by the Cyber Security Agency of Singapore (CSA).

The annual survey, which was conducted online late last year and involved some 2,000 respondents, found that more people were aware of what 2FA was.

According to a CSA press release issued on Monday (April 23), there was a significant jump in the proportion of respondents who had 2FA enabled for either some or all their online accounts – from 66 per cent in 2016 to 79 per cent in 2017. The proportion of respondents who were "not sure" of this authentication process also decreased, dipping from 10 per cent in 2016 to 4 per cent last year.

They were also more cautious about opening or using downloaded files, or external devices, with more respondents choosing to conduct virus scans first. This was reflected in the surge from 59 per cent in 2016 to 89 per cent last year.

Online transactions was another area that respondents were more careful about from 2016 to 2017, as the proportion of those who proceeded with such transactions without first checking the authenticity of websites dropped from 38 per cent to 20 per cent.

Fewer respondents also connected to open, non-password-protected Wi-Fi networks in public spaces in that same period, as that figure dipped from 37 per cent to 25 per cent.

They also chose to download mobile applications from official app stores such as the Google Play Store and Apple App Store as compared with other open or online sources, with an uptick in the figures – 90 per cent for last year, from 83 per cent the year before.

But there was room for improvement in some areas, as respondents still lagged behind in habits such as password management and updating of software. The CSA noted there was "no improvement" in password management habits last year.

About one in three respondents (34 per cent) continued to store their passwords in their computer or write them down, or use the same password for work and personal accounts (30 per cent). From a given list of passwords, only 45 per cent of respondents in 2017 were able to identify a strong password of at least eight characters comprising upper and lower-case letters, as well as numbers and symbols.

Additionally, over six in ten respondents did not change their passwords regularly, or did so only when the system prompted them. They tended to change their passwords for personal and work email accounts more regularly (34 per cent to 35 per cent), as compared with Internet banking accounts (32 per cent), and social media accounts (31 per cent). It was the lowest for online shopping accounts and cloud-based services (26 per cent to 28 per cent).

While a majority of 94 per cent updated their personal computer software, close to half (41 per cent) did not update it immediately or as soon as possible. Similarly, 38 per cent of respondents did not do so with mobile apps.

Reiterating the need to guard against complacency, the CSA also noted in its survey that there was a slight dip of between 3 per cent and 5 per cent in respondents' concern about cyber threats.

While seven in ten were concerned about these threats, less than half (31 per cent to 44 per cent) felt these would happen to them. The threats include having their devices infected by viruses or malware, their financial or personal information extracted without their consent, and falling victim to a scam or a fraud.

CSA chief executive David Koh said that while it was heartening that most respondents recognised the need to be concerned about security, he pointed out that cyber threats "show no signs of abating".

"While we will continue to provide cybersecurity understanding and know-how to the community, we must recognise that we all have a part to play to protect ourselves online and not fall prey to cyber criminals," he said.

To encourage the adoption of good cybersecurity practices, the CSA launched its second cybersecurity public awareness campaign, Cyber Tips 4 You, on Monday.

Local celebrities Suhaimi Yusof and Jae Liew from the cast of Mediacorp television drama Tanglin will feature in a series of online videos, advertisements and posters to dish out cyber tips to viewers. These include advice on how to use an anti-virus software, using strong passwords and enabling 2FA, how to spot signs of phishing and updating their software as soon as possible. A launch event will be held on May 5 at Bedok Mall.