IBM has just published a study in which they analyze the security, use and privacy habits of users who, since the COVID-19 pandemic, have turned to electronic commerce and digital procedures.
The recent global survey includes 22,000 people and offers results also for Mexico, since it was found that the increase in this type of users also increases the risk, not only for them, but for the companies that now safeguard their information.
It was found, for example, that in Mexico half of the participants always, or almost always, reuse the same passwords when creating new accounts (16 on average were created per user during the pandemic). Although one might think that the risk belongs to the user, now there is a co-responsibility on the part of the companies. And on an annual average, a data breach costs a company 4 million dollars, not only because of the damage to its reputation, but also because of the impact and interruptions in its activities.
Because 45% of people plan to maintain these new accounts that they have just created, it is necessary to pay attention to the process of use and acquisition of habits of new users, their position on privacy, and the recommendations that companies and users should continue to avoid loss of information when interacting with digital platforms.
Although the digital boom we are experiencing has exposed lax behaviors in terms of consumer security, the IBM study indicates that the change is here to stay: in banking and financial institutions, in addition to public services, it was where it was presented the largest increase in digital use, being those over 35 who most embraced the change and are also those who most intend to continue using digital media.
The most obvious security risk is in the handling of access credentials to the sites, and according to the respondents in Mexico, 40% learn their credentials by heart and 23% save them on paper, which indicates that 63% are exposed to a high security risk: memory users reuse the same password the most across different sites.
The recommendation here is to avoid such reuse and to use software that manages passwords (called “password managers” in English) in which it is only necessary to memorize the master password and that generates more secure passwords. If the site offers two-factor authentication, it is also recommended to use it.
IBM’s recommendation for companies is to change from the current or traditional approach to security towards a “Zero Trust Approach” in which the people in the organization do not have access to everything, but only to what their role demands you.
They should also offer a less intrusive experience taking into account data privacy, identifying what they have, how they use it, and how they protect it. Finally, implement security tests, prepare simulations, recovery plans, etc.
