Staff are a significant risk to their employer’s cyber security according to research by specialist global executive search and interim management company Norrie Johnston Recruitment (NJR).
The research, which forms part of NJR’s cyber security report: how real is the threat and how can you reduce your risk, shows that 23 per cent of employees use the same password for different work applications and 17 per cent write down their passwords, 16 per cent work while connected to public wifi networks and 15 per cent access social media sites on their work PCs. Such bad habits and a lack of awareness about security mean that employees are inadvertently leaving companies’ cyber doors wide open to attack.
This research is supported by a report which incorporates the advice from fifteen experts in the field. Here, Richard Cassidy, Alert Logic, shares the simple steps employees should take to make life harder for hackers
“The online world is vast; it’s a vortex of data and a gateway for hackers. But you don’t have to transform into a Jedi to oppose the threats in the hidden fortress that is the internet. Just encourage your employees to follow these straightforward and simple tips to make life harder for hackers and keep you secure:
- Open Wireless Access Points
As you take a seat on the comfy leather sofas in Starbucks, slurping on your foamy Café Latte, the next stage in the ritual is to catch-up on emails, read the latest news, listen to a podcast or just search the web … but STOP. Most mobile devices now automatically connect to wireless networks but open wireless networks are inherently insecure.
You are giving hackers easy access to your contacts, pictures, data and possibly even your company data – making the exfiltration easy. Hotel networks are not exempt either. The saying, when in Rome, does not apply to open Wi-Fi.
- Apps – read the small print
You’re walking in the street and a stranger asks permission to use your phone. You have all your information, photos, contact details etc on there and, of course, you politely decline. So why are you agreeing to let the apps on your phone do the same? The more access points there are to your data, the harder it is to maintain security. Read the permissions list and tie it back to the app’s features: for example, why would a parking app need to access your photos, contacts, text messages and many more misunderstood and underestimated permissions? You’re right to be suspicious.
- Password Recovery
Almost everybody has a password recovery set up of some sort. Most people are conscious that simple passwords are not secure, so they are making their passwords longer and stronger. But the knock-on effect of this is that hackers try to find the weakest link in, and so are now looking at taking over the password recovery process. Most of these recovery processes ask very specific questions such as: what’s your first pet’s name, mother’s maiden name etc. Hackers can easily source this information and engineer a password reset for your account. Any password recovery question should have nothing to do with your life – or anything anybody could possibly know about you. You always have to be one step ahead.
- Common Sense
Banks rarely communicate important account information via email, so if you receive an email from your bank that does, either logon directly to your application (without clicking through from the email) or call them by phone to verify. Getting into the habit of never clicking on links within an email or opening unsolicited files will save you a lot of hassle.
Some people even store their credit card details on shopping sites. How many of us have said ‘yes save my details so I can go back and order’. You have to be savvy online – just enter your credit details manually.
Consumers definitely have a role to play in their own security. If you apply these small changes, you will make it a lot harder for hackers, and remember, if you are not sure – then it’s probably not secure!”
To read more useful and practical insights into topics including: How to assess the scale of your risk level; Managing the immediate aftermath of a security breach; How different sectors are affected, download the full report – http://www.norriejohnstonrecruitment.com/downloads/cyber-security/
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.