People's ignorance of online privacy puts employers at risk

Study finds that more than half of respondents have not read most recent privacy policy for social media accounts

People say they are responsible for their own online safety, yet do very little to protect the information they share on social media, which increases the risks to themselves and employers, a study shows.

[Employees easily tricked on social media prime phishing attacks]

Nearly two thirds of respondents to a Harris Interactive survey of more than 2,000 U.S. adults embraced individual responsibility in protecting privacy. Only 12 percent said social media, used by more than four out of five American adults, was responsible for the online safety of users.

While taking on the burden of guaranteeing their own safety, respondents didn't do much to protect themselves. More than half had not read the most recent privacy policy for their social media accounts, and less than three in 10 had read the whole document.

The disconnection suggests that people's attitude toward privacy accountability is more ideological than practical, said Stephen Cobb, senior security researcher at ESET, which commissioned the study. As a result, people place themselves and employers at risk by not fully understanding how information is used and who sees it.

"What I think people lack are the resources and education to follow all the way through with (protecting information)," Cobb said Thursday.

If people prefer to be stewards of their online privacy, then schools, consumer advocates and private industry have an obligation to provide training. The survey found only about a quarter of the respondents had any formal instruction, which should be a warning to those companies that assume people know how to be safe online.

"The average American adult isn't going to walk through the door well prepared to protect that company's information," Cobb said. "They need help. They need education."

While social media often changes privacy policies, the survey found that only one in five respondents had ever adjusted the settings on their accounts. Because companies tend to activate the most open settings by default, users may be sharing much more information than they realize.

Keeping up with the constant changes in privacy policies, which tend to be long and filled with legalese, is important to avoid surprises. For example, Facebook and Google made changes last month that riled some users.

Facebook removed the option of hiding one's profile in search results. Google introduced a new setting called "Shared Endorsements" that would show the product preferences of Google+ users next to ads on the social network.

While companies often allow people to opt-out of such changes, this is unlikely to happen if users are not regularly reviewing privacy policies.

Threats associated with social media are real. Almost 30 percent of survey respondents said one or more of their accounts had been hacked, with more than half of that number victimized this year.

[Raytheon study highlights strengths, deficiencies of Millennials]

A third of the respondents had received at least one suspicious message in social media and one in five had encountered malware or links to malware.

As a result, almost 90 percent of survey respondents were concerned about viruses and hackers when visiting their favorite websites. Only about a third of the respondents believed websites were doing a good job protecting visitors from malicious code.

Copyright © 2013 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)