According to a recent Harris Interactive survey of more than 2,000 U.S. adults commissioned by ESET, more than four out of five now use social media (82%), making social networks an increasingly important means of communication for consumers and companies alike. This widespread adoption raises important questions about the roles of the various entities that create this shared online experience, particularly in the area of privacy and security. So we asked people who was most responsible for online safety. Here’s what we found:social-media-responsibility

We were impressed that almost two thirds of respondents appeared to embrace individual responsibility. However, when we probed further into online behavior, particularly around social media, it became clear that putting that personal responsibility into practice remains challenging for some folks. Several disconnects were observed, for example, more than half of U.S. adult social network users say they have not read the most recent privacy policy for their social media accounts. Here's the question and results:social-media-policy2

To be honest, I was surprised by two numbers in this chart. I was impressed that 28% of people were up-to-date, but I'm worried that 51% are not. Why is it so important to know the terms under which a social media service operates? To prevent surprises when you share information, like your name and face showing up in an advert for a product you once said you liked.

The importance of knowing “the most recent privacy policy” was illustrated recently when Facebook expanded the ability to find people even if they did not want their profile viewed, and again when Google moved to show product preferences expressed by Google+ users alongside advertisements. (Sometimes it is possible to opt-out of changes, but if you’re not checking the latest privacy policies you may not be aware of the need to exercise that option.)

Of course, some people find it hard to make sense out of the privacy and security controls in social network services. That's why ESET included a tool for checking your settings as part of the free Social Media Scanner (see here for more details). This app works with both Twitter and Facebook, seen here:

eset-social-scan2

As you can see, this is quite a different view of the Facebook settings, hopefully one which some people may find easier to use than the standard Facebook menus. Note that the tool provides a warning about potentially sensitive items in the Facebook user's profile that are open to public view. In this case the user is me and my hometown of Coventry is visible. As it happens, I'm okay with people seeing that, but I was not really aware they could until I ran the scanner app.

social-media-changesOur Harris survey turned up another indicator of a possible disconnect between widespread acceptance of individual responsibility for online safety and actual behavior. We found that roughly one in five people have never changed the privacy settings on their social media accounts, not ever.

This finding is worrying because of the very "open" nature of most default social media settings, sometimes set by the social network operator to permit the widest possible use of your information. It is hard to think that everyone who leaves the default settings in place is aware of the implications.

28percentLack of attention to privacy and security on social media does seem to be at odds with the belief in individual responsibility. This is even more surprising when you consider the negative experiences of more than a few users. For example, 28% of social media users said that one or more of their social media accounts had been hacked. For more than half of those people the hacking had occurred this year.

A whopping 91% of respondents reported receiving at least one suspicious electronic message this year. Although people encountered suspicious messages mainly in email, suspicious messages in social media were encountered by one third of social media users. More than one in five people had encountered malware or links to malware on social networks.

In light of these number it is not surprising that 86% of U.S. adults expressed concern about viruses and/or hackers when visiting their favorite websites. Sadly, only 35% of people felt that websites do a good job of screening or filtering out malicious code.

We did see some positive signs of personal responsibility or what might be termed "cyber citizenship." For example, 33% of people with social media accounts had flagged a suspicious item or message to an administrator, and some people are clearly reaching out to friends when they see problems (30% of people whose social media accounts had been hacked were notified by friends).

What is even more impressive is that a significant percentage of people are acting responsibly without any formal training in how to handle themselves and their data in the online world. We found that only 27% of social media users had received any online safety training. In other words, almost three quarters of the people out there using social media are self-taught when it comes to sensible behavior online. Given the level of threat activity reported to us, that 27% is a scary number. It should also scare employers because a lot of people in the labor pool lack formal training in security knowledge and awareness.

Nevertheless, people are persevering with social media, and social media continues to function, which may indicate that there’s a lot of self-taught cyber citizenship at work. With the right tools, and continued efforts to educate and spread the word, more and more people can safely enjoy social media.

What has your social media experience been like? Have you encountered suspicious or malicious messages or content? Leave a comment below and let us know. You might also want to check out the ESET Social Media Scanner which can alert you to problem content and simplify privacy and security settings on Facebook and Twitter.