Habits are, by definition, hard to change or quit: they become a routine, like the first cigarette in the morning or biting your nails when you are stressed; a routine that nothing can prevent or change – just ask a smoker if heavy rain would stop them going outside for their morning cigarette.
When it comes to cybersecurity, having habits makes us predictable and vulnerable, especially when we believe they can protect us from cyber threats. In reality, however, they can put us more at risk. Here is a list of four common habits that we all keep because we’ve never had any problems – which doesn’t mean they are bullet-proof:
When a new password is due, I change only one digit
It’s highly recommended to change passwords often to reduce the risk that they are discovered or cracked. For convenience, or laziness, a common practice is to simply change the last digit (for instance from Password1 to Password2) or to use a replica of the last one (from Password to Passwordd). We assume that our password is as secure as before, but nothing could be further from the truth. Better to quit this habit than end up like the CEO of Pokémon Go, whose Twitter account was hacked because of a weak password.
I often connect my business laptop to free Wi-Fi on public transport
Nowadays, public transport such as trains and buses provides free Wi-Fi during peak-time journeys to allow commuters to keep up with their busy work schedules while commuting. Although connecting is a very common practice, people don’t consider the possible cyber threat the free connection poses to their devices. People are negligent when it comes to connecting to public Wi-Fi, as demonstrated by an experiment conducted during the Republican National Convention in Cleveland.
I often log into my business email account from my partner’s mobile
Your cell phone’s battery is low and you have to read and reply to a business email sooner rather than later, so you look for a quick solution: log in from another device. Although this seems like the obvious choice, it can be the source of a possible data breach. You don’t know if the device is secure enough (with encryption, antivirus and anti-malware, etc.) or if it’s been infected by malware without the owner knowing about it. And what’s at stake is your company’s information security. Better to wait for your battery to charge.
I play online games on my business computer during lunch
It’s lunchtime and you cannot wait to go home and play your favorite online game, knowing that you need a few points to reach the next level. So you log in from your PC at your desk. Although it seems to be secure (you know your company has invested a lot in cybersecurity technology), online gaming websites are among the most likely places to pick up malware, ransomware, Trojans and more. Better not to put your company at risk.
Habits are hard to change but people can be inspired and influenced
If you cannot change your staff’s habits, you can positively inspire them to adopt more secure practices. Packed with real-life examples, best practices and engaging activities, IT Governance’s Information Security staff awareness course will teach your staff basic security procedures and how to avoid dangerous situations. It can be customized to include your own branding and security policies and procedures. Moreover, it’s delivered online, which means that the course can be attended anytime from anywhere in the world, helping companies with home-based staff to maintain their staff awareness programme.