Inherent trust of LinkedIn means few users question security implications of using the site

LONDON – 24 April, 2012 – Faronics, a global leader in securing multi-user PC environments, today announced the results of a survey exploring UK web users’ attitudes to online security. The research, conducted by One Poll[1], revealed that although the majority of people (71 percent) are worried about the amount of personal information held online, a significant proportion would still share confidential information with people they didn’t know, with almost a third (32 percent) stating they would send a password, bank account number or their mother’s maiden name via email or a social networking website.

Respondents were particularly trusting of LinkedIn, with 33 percent of site users admitting they have accepted connection requests from people they do not know. This compares to just 15 percent of Facebook users.  Likewise, while 46 percent of Facebook users have customised their privacy settings, just 20 percent of those on LinkedIn have controlled who can view the information on their profiles.

“While the risk of identity theft and other cyber threats is relatively well known, many users still seem to be in complete denial that it could happen to them,” said Bimal Parmar, VP marketing at Faronics. “The aim of this survey was to assess just how knowledgeable people are about the specific security threats that their social networking accounts can pose – and the results are eye-opening to say the least. Users are clearly concerned about the amount of data held online, yet they are continuing to trust social networking sites with very personal information. A growing concern is that when it comes to websites such as LinkedIn, it appears that this trust is even greater. While issues surrounding Facebook’s security – or lack thereof – have been widely covered in the media, LinkedIn is very rarely mentioned, which has led users to fall into the trap of believing that the security risk is lower. Unfortunately, as the threat landscape evolves, and attacks become more targeted and convincing, this is simply not the case.”

Many people still do not believe they are a target for cybercriminals, with 51 percent of all respondents claiming they are not at risk of cyber fraud, and 28 percent believing there is no value in the information posted on their social networking pages. That said, 13 percent would be happy to send a password to complete strangers online if the request looked genuine. This, coupled with the fact that only a fifth (21 percent) of those asked have heard of attacks such as spear-phishing – in which personalised emails are sent to target individuals within a specific organisation, with the aim of breaching corporate data security – indicates a significant lack of awareness when it comes to changing cybercrime tactics.

“Today, any personal information can be harvested and exploited by a determined cybercriminal,” continued Parmar. “As more cybercriminals employ social engineering tactics that tap into basic human psychology, even the smallest bits of information – such as birthdays, job roles, supplier information, travel plans or details of hobbies – can be used to form a convincing email that the victim could believe originated from a trusted source. All the target has to do is open the email, click on a link or download an attachment for spyware, keyloggers or other malware to be dropped onto the computer and open the entire corporate network to fraud.”

Just over half (51 percent) of those surveyed admitted they had been targeted by a spear phishing campaign, with 12 percent of these attacks reported as successful. This is perhaps unsurprising as 60 percent of all respondents stated they would be willing to open an unsolicited email attachment if it looked relevant, interesting or appeared to be in response to an action they had taken (for example, a receipt for a recent purchase). This lack of consideration could be partially down to the fact that just 24 percent of UK organisations admit to having specific policies, training and/or safe computing measures in place to prevent an employee from falling victim to spear phishing and other email scams, and a fifth of survey respondents still believe that a good PC security package will solely protect them from fraud.

“Cybercriminals are nothing more than con artists, and spear phishing is simply the modern day equivalent of pick-pocketing – therefore, the smarter and more street-wise the user is, the less likely they are to be duped,” continued Parmar. “At the moment there is a discrepancy when it comes to people’s online privacy concerns and what they are actually doing. With so much at stake, organisations must now address existing security practices to ensure that they are prepared for the probability of an employee falling victim to a targeted attack. A layered security strategy that enables administrators to control exactly which executables can and cannot run on each individual workstation provides the ultimate safeguard against the reputational and financial damage that failed security can bring. ”

[1] 1,000 employees across both the UK private and public sector were surveyed by OnePoll on behalf of Faronics. The full findings can be found here: http://www.faronics.com/assets/Faronics-Social-Media-Survey-April-20124.pdf