Posted on August 26, 2018 by James Haigh
When talking about Cybersecurity and the human firewall to business leaders and employees both as part of my job, and to children & young people while volunteering as a Youth Worker, I am still amazed that the two groups essentially behave in the same way, breaking down the assumption that so-called Millennials and GenZ are far better informed than their parents’ generations.
Almost all adopt the position that they know what they are doing and are safe and secure, only for their assumptions to be blown out of the water by Rob May’s concept of the Human Firewall. They then almost all feel silly and ashamed that they may have been careless with their personal and private information, potentially leaving a trail of digital breadcrumbs for any cyber-criminal to pick up and piece together to form a vector for scamming either themselves or possibly a colleague, friend or family member, or even a senior colleague at their workplace, putting many other people at risk through the way they have behaved or been ignorantly careless with their information.
Cifas’ ‘Data to Go’ video highlights the ease with which information can be obtained. We all enjoy a free cup of coffee and pastry in the morning, but what is the true ‘cost of a like’? Remember this isn’t ‘ethical hacking’, this is just picking up the ‘digital litter’ that people have left behind them.
During these summer months, I am still amazed by the number of people (many of whom are my friends and should know better!) posting their holiday pictures on publicly accessible social media platforms while they’re still away! A great way to advertise to everyone in the world that your house is empty! I’m not against sharing where you’ve been on holiday, but consider posting your pictures under the phrase “So sad to be home again after such a fantastic holiday. Happy memories”, essentially sticking two fingers up at any would-be thieves that they have missed their chance to burgle your home.
To be fair, most organisations have now accepted that they have to invest in the security of their IT systems and networks and now consider that having a good, up-to-date firewall is a necessity, but how many are investing in the training of their staff? At a recent IT forum I was involved in, it was decided that all organisations should be spending the equivalent of between 30% and 60% of their IT budget on staff training in IT, and that a good proportion of that should go towards cyber security, especially in a post-GDPR world.
(If you’re a Network Manager, please note that I said “equivalent of” your budget, not 60% of your budget!)
In the last few weeks, I’ve heard of many organisations and individuals that have fallen foul of various scams and traps, many of which fall into the main categories of ‘phishing’ or ‘whaling’, and all of them could have been prevented if the right training and knowledge had been in place.
True, some of the fake emails are so realistic that even a seasoned specialist would find it difficult to tell them apart from the real thing. However, there are some really obvious ones out there that no-one should be tricked by, yet it still happens. (You know who you are.)
Having a strong password is a good start, and MFA (multi-factor authentication) is even better, but being vigilant with your information and mindful of the unsolicited emails that you receive will only add to your arsenal in defending against your would-be attacker.
These types of attacks are now part of the IT landscape and we won’t ever get rid of them, but by changing the way we use IT systems only slightly we can make it much more difficult to be a target.