What Non-Experts Can Learn From Experts About Real Online Security
An anonymous reader writes: Google researchers have asked 231 security experts and 294 web-users who aren't security experts about their security best practices, and the list of top ones for each group differs considerably. Experts recognize the benefits of updates, while non-experts are concerned about the potential risks of software updates. Non-experts are less likely to use password managers: some find them difficult to use, some don't realize how helpful they can be, and others are simply reluctant to (as they see it) "write" passwords down. Another interesting thing to point out is that non-experts love and use antivirus software.
That's missing the point. Identifying 1 or 2 differences in approach between experts and non-experts shows 1 or 2 things you can tell the non-experts to do to greatly improve security overall.
In this case, the takeaway action would seem to be to make sure you keep all the software updated.
The other takeaway is to figure out why the non-experts don't use the expert approach already. Are the password managers poorly advertised or otherwise unwieldy? For instance, I know a lot of sites have login windows that the Firefox password manager doesn't recognize.
I stole this Sig
As much as people want to believe, in the age of unattended Windows updates and package managers, that updating is painless and causes no problems, there are many famous examples of times people installed updates that proceeded to destroy or seriously disrupt operation of production environments.