The security landscape has changed, shifting from malware to data breaches and social engineering — phishing and other manipulative tactics to get you to willingly hand over sensitive data. At the same time, browsers, email programs and operating systems have beefed up their security to protect users. Are you one of the estimated 45 million households in the U.S. that pays for some type of antivirus software?

Earlier this year, research and review firm Security.org conducted a survey of 841 U.S. households and combined the results with their own software testing, Google Trends, AV-Labs and other sources to offer insight into who uses (free or paid) antivirus software and why. It determined the current market to be about $1.8 billion and expects that figure to rise as COVID-related scams continue to plague users.

The survey found that 85% of those over the age of 60 are most likely to use antivirus software, but the difference between age bands for those 30-44 and 45-60 was no more than two percentage points. Half of antivirus customers pay for the protection with an average annual cost of $40, and the majority purchased their software prior to 2018.

There seems to be a disconnect between the perception of what third-party antivirus programs can do and what types of threats the average user (we’re not talking about governments!) is likely to encounter. The greatest threats most users face are from hackers who can easily adapt to trends, such as the increase in remote workers, and fine tune their social attacks for better results like using tax scams in the early months of a new year.

“When I look at all the personal account compromises I’ve seen over the past three years, I don’t think any of them were caused by malware,” Bob Lord, who overhauled the Democratic National Committee’s cybersecurity strategy for the 2018 and 2020 elections following Russia’s interference, told NBC in an interview. “They happened because the victims had poor password hygiene and didn’t have two-factor authentication on their accounts.”

This is not to say that computer viruses are a thing of the past, but Windows 10 and later computers come with Windows Defender that offers real-time protection against spyware, malware and other viruses across apps, cloud storage, email and the web. Coupled with protection found in all modern browsers, you’re well covered as long as you keep these up to date. And for anything that slips through, the free version of Malwarebytes should take care of it.

Because hackers mostly target average computer users to break into their personal email, social media and bank accounts, protection is up to you. Use strong, unique passwords and don’t reuse them for different accounts. If you’re curious about how strong your password is, check Security.org’s How Secure Is My Password tool. Type in a password and it will tell you how long — from microseconds to years — it would take a computer to crack your password.

Best practice for passwords is 16 characters or longer using a combination of letters (upper and lower case), numbers and characters; do not use a sequence that includes easily cross-referenced data like your phone number, birth date or address; no consecutive letters or numbers; and don’t use a common word or phrase.

Layers of security are important, so turn on two-factor authentication wherever it’s offered. This will require you to receive a one-time code via a second device and type it in to access your account. If you have a computer that uses a biometric identification feature or a phone with face or fingerprint recognition, activate it and set your device to lock after a few minutes of inactivity. Starting last September, Microsoft offered its home users the Microsoft Authenticator app, eliminating passwords altogether in line with its “passwordless future” strategy.

Still, you can’t prevent data breaches, so monitor your personal accounts for any unusual activity and take action if Google alerts you that your password has been found in a data breach. Change any leaked passwords. If you have used unique, secure passwords, it is less likely they will give hackers access to your accounts. Despite what you may have heard (or what your organization mandates), it is not necessary to regularly change passwords. The security community recommends changing a password only if the account has been compromised.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.

Newsletter