Despite the growing visibility of cyber security issues, many people still possess a relatively uninformed understanding of them. This lack of understanding means that people generally pose the biggest security threat to businesses. Organisations and their employees can take steps to minimise risk according to CompTIA.
Nick Beaugeard, CEO and Founder at HubOne and Chair, ANZ Community at CompTIA, said, “Some cyber incidents, such as data breaches, are caused by malicious hackers or poor preparation and planning by organisations, and many are a result of employee errors. This is because most workers’ cyber security knowledge and habits continue to lag well behind the state of the threat landscape as it stands today.”
Based on findings from research commissioned by CompTIA there are eight cyber security commandments that everyone should follow to minimise cyber risks:
- Avoid doing secure work on unsecure Wi-Fi networks
CompTIA’s research found that almost all employees (94 per cent) connect their laptops and mobile devices to public Wi-Fi networks (1). Of these, 45 per cent said they do online banking over unsecured Wi-Fi networks, and 60 per cent said they access work documents, potentially putting themselves and their businesses at risk (2).
- Never mix work and personal logins
38 per cent of respondents say they use their work passwords for personal accounts and 36 per cent claim they use their work email for personal accounts. Employees need to be encouraged to separate the use of work and personal emails to reduce the potential vulnerabilities associated with sharing accounts and passwords.
- Stay away from random USBs
In a random USB stick drop experiment commissioned by CompTIA, 17 per cent of employees plugged the USB they had found into their computer, potentially exposing their business devices to malware and other threats. This demonstrates the generally poor understanding of good security practices among many workers.
- Don’t recycle your login credentials
The CompTIA research found that while almost half of workers maintain at least 10 logins, only 34 per cent have at least 10 unique logins, meaning that many employees are recycling their login credentials. This increases the chances of a successful attempts to gain unauthorised access to both business and personal accounts.
- Don’t delay with operating system updates
More than a tenth of respondents said they irregularly install operating system (OS) updates, if at all, on their work computer. This mirrors the 14 per cent of respondents that also treat OS updates on their personal computers the same way. This means that although the majority of employees are up-to-date, there are still some whose devices are at risk.
- Always choose two-factor authentication
More than half of respondents don’t voluntarily apply two-factor authentication to their online accounts, making it much easier for someone to gain unauthorised access to a device or a network.
- Change passwords regularly
More than a third of employees surveyed change their work passwords sporadically. For personal accounts, this figure is well over half. Changing passwords regularly makes it much harder for an account to be broken into.
- Take advantage of cybersecurity training
Almost half (45 per cent) of respondents don’t receive any form of cyber security training from their employers. This is surprising given the growing cyber safety awareness organisations now have.
Nick Beaugeard said, “Business leaders must take a more active approach in educating staff as the threat, software, and device landscapes continue to evolve. Good training programs will ultimately shape end users’ behaviour and prime them to make better choices, minimising risk for themselves and their companies.”
(1) Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace study; The Blackstone Group; Commissioned by CompTIA; 2015.