A Google-conducted survey of 231 infosec pros worldwide has reaffirmed the industry's faith in strong passwords, and achieved consensus about nothing else.
It's almost unfair to make fun of the study's title, “152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users”, because that's clearly an editorial slip-up (the document [PDF] also includes the note, “ED: Please provide section title”).
Sigh. Not only is there no agreement, things are really all over the map.
What's clear is that infosec types can't agree, on an industry-wide basis, on the content of anything like the Australian Signals Directorate's (ASD's) enterprise-focussed “Essential Eight” safety strategies.
Here, we pick out everything with more than 30 mentions:
| Advice | Mentions |
|---|---|
| Patch systems and software | 90 |
| Use unique passwords | 68 |
| Use strong passwords | 58 |
| Use multifactor authentication | 36 |
| Use antivirus software | 35 |
| Use a password manager | 33 |
However, to Vulture South's eagle eye (sorry), it's depressing how many things we'd consider obvious lacked traction even among experts.
Only 10 experts said back up your data? Yikes.
| Advice | Mentions |
|---|---|
| Don't open unexpected attachments | 19 |
| Limit privileges (don't run as admin) | 12 |
| Backup your data | 10 |
| Don't trust open networks | 4 |
| Lock all devices | 4 |
| Don't use Java | 4 |
This is why we can't have nice things on the Internet, folks.