A lack of cyberspace education leaves workers with their personal details stolen and companies at risk – so what can businesses do about it?
The deployment of regulatory arsenals, such as the General Data Protection Regulation (GDPR) on Friday May 25, couldn’t possibly make the importance of protecting private data any clearer in this age of hack attacks. Indeed, from a survey of 2,000 workers carried out by CV-Library, the job site, 83% agree on the significance of cybersecurity.
This was particularly clear when it came to job applications. Given many candidates supply personal data like home addresses, date of birth and even their national insurance number on their CVs, it’s hardly surprising 68% of those aged 55 to 64 worry about their online CV information being stolen. Interestingly, only 42% of those aged between 18 to 24 shared their worries.
However, regardless of the widespread concern, 28% of workers confessed to using the same passwords across multiple online accounts. And that’s despite, 22% having already suffered a hack attack in the past.
Commenting on the research, Lee Biggins, founder and managing director of CV-Library, said: “Our survey reveals some stark contrasts between those who worry about their personal identity being stolen and those who put themselves at risk by not using strong and separate password for their email account. Many job hunters are leaving themselves open to cyber attacks without really knowing it is happening and this is something that needs to be addressed.”
Still, it’s easy to see why some people recycle the same password over and over. “For simplicity, staff often choose weak passwords when given the option,” said Oz Alashe, CEO of CybSafe, the cybersecurity training platform. “A succinct password is both easier to recall and quicker to type out. To complicate matters further, many websites have unhelpful password requirements, demanding a specific number of characters, as well as digits, symbols, uppercase letters and lowercase letters.”
But despite this lax attitude being understandable, it paints a virtual target on the backs of workers and their employers. “The vast majority of people [don’t understand] that breached credentials from one system can be used to gain access to another,” said Tony Pepper, CEO and co-founder of Egress, the data security service provider, detailed.
So can employers ensure people don’t carry these bad habits into their workplaces? Seemingly it calls for a duty of habitual de-weeding, which falls in the hands of the company’s leadership. The problem is that the C-suite are often not much better than their employees. “Worryingly this is often an attitude that trickles from the top down,” said Randhir Shinde, CEO of Galaxkey, the data protection platform, “Many small and medium-sized businesses still don’t consider cybersecurity a [priority.]”
And he’s hardly alone in having noticed these sort of boo-boos from business leaders. “[There] was an instance when a chief financial officer opened a personal email on a corporate device thinking it was a message from his wife about selling a property,” said Stephen Burke, founder and CEO at Cyber Risk Aware, the company designing cybersecurity training platforms. “It led to his personal email account being fully compromised, with all his contacts receiving the same email from his account, all emails and contacts deleted in addition to his password being changed to the email account. To add insult to injury, he was using the same password across many of his accounts which were tied to his phone.” Yikes.
Given cybersecurity fiascos like these, ensuring employees are constantly trained in online safety is a good place to start. “It is critical to take the time to educate employees on how to recognize and report phishing and other cyber threats to prevent criminals from obtaining sensitive corporate data,” urged Gerald Beuchelt, chief information security officer at LogMeIn, the cloud connectivity software.
This attitude saved one company a lot of worries recently when an employee received an email – allegedly from a senior executive – asking for confidential records to be sent via return email. “The quick-thinking recipient, sensing something was ‘phishy’, took a closer look at the message, noticed it was sent from an AOL account and informed the IT department of the activity,” he said.
However, even knowledge can never truly prepare for the most out of the blue attacks: alongside new fashioned technical awareness an injection of professional help doesn’t hurt either. “[Businesses] must ensure that they don’t just educate employees on best security practices, but that they also provide the right tools.” Said Steve Schult, senior director of product management at LastPass, the password management software. “Thankfully, getting passwords under control can be as simple as using a password manager and educating employees on best practices.”
Although having internet access is standard for businesses, without the correct awareness it can easily turn against you. So make sure your employees are trained in these things to avoid a good thing turning sour.