Do you hear that? Click, tap, kaching! The frenzy of the year-end shopping season is upon us. In Asia, that means big shopping occasions like 10/10, 11/11 and 12/12. It also — unfortunately — means an increase in risks that users face, as more people head online and the range of threats from cybercrime increases.
According to data from the United Nations, cybercrime has already risen 600% since the start of the COVID-19 pandemic. But how and why are people still at risk? Where are people most vulnerable? And what can we do differently to better protect ourselves online, not just during shopping season, but all year round? To find out, we commissioned a study, conducted by YouGov, surveying over 13,000 respondents aged 18 and above across Asia-Pacific. Here are our findings, and our top tips for staying safe online.
1. Password recycling = risk
Poor password “hygiene” is far too common in Asia-Pacific, with over 80% of respondents using the same passwords across multiple sites, and almost half admitting to recycling passwords for up to 10 unique sites. If a password is stolen on any of these sites, a user’s accounts on the other sites become vulnerable as well. A worrying 1 in 2 respondents also confessed to using guessable passwords with easily-crackable combinations, such as significant dates and names of partners or pets.
What do we suggest people do instead?
- Create a unique password for each account to eliminate this risk. Make sure that each password is hard to guess and better yet, at least eight characters long.
- Use a password manager to make it easier to create and use strong and unique passwords on all your devices, without the need to remember or repeat each one. Google’s Password Manager, built directly into Chrome, Android and the Google App, can help you do this. Using a password manager makes signing in convenient, especially on small mobile screens – instead of entering in a password each time, you can just press a button
2. Set up your security safety net
According to our study, two in three respondents across Asia-Pacific have experienced a data breach or know someone who has. Here are some ways you can protect yourselves against fraud.
- Set up a security phone number or email address, and keep it updated so banks and other service providers can contact you right away if there’s suspicious activity on your account.
- Take the Google Security Checkup to preemptively strengthen the security of your Gmail account and get personalized security recommendations — it only takes two minutes to complete. Since people often use their Gmail accounts to register with their banks, shopping sites, and payment services, this increases security on top of our automatic protections.
- Set up 2-Step Verification (2SV) on every site that offers it. This dramatically increases security by requiring "something you know" (like a password) and "something you have" (like your phone or a security key).
More than 60% of people we surveyed said they are likely to adopt 2SV, but only 6% of people we surveyed currently use it. We know the best way to keep people safe is to turn on Google security protections by default. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require two million YouTube creators to turn it on.
3. "Add to Cart” with Care
Three in four people admit to making purchases on pages without the secure symbol, increasing the opportunity for fraudsters to steal details.
We recently announced HTTPS-first mode in Chrome. HTTPS is a secure and private way for people to communicate with websites. If you enable this mode, Chrome will show you a warning if a website doesn’t support HTTPS.
We also recommend making sure you're always running the latest version of software on all your devices. Some software, like Chrome, will automatically update. For other services that send notifications when it’s time to update, don’t click “remind me later”— take the time to install the update right away.