One year ago, if you asked me how much I thought about securing my information online, I would probably have said very little. I was in the majority of users who believed "It won't happen to me. I know what a spam email looks like. I pay attention to my accounts. I'm careful in protecting my information." It never cross my mind that someone could potentially tamper with my Nest thermostats. I'd probably have my phone automatically connect to any public WiFi. Two factor authentication or passcodes on my phone? Not worth the extra inconvenience.
Flash forward one year after I started working at Security Innovation, my outlook on cybersecurity has completely changed...you could say pretty extreme. Every now and then I get into a car worrying someone could drive me off the road. I think about quantum computers and if I'll still be able to safely shop online in the next 10 years. The average person doesn't look at all the devices and technology they're surrounded by and think "Here's a good target for a hacker!" Now that I work in cybersecurity, that's usually the first thing that comes to mind. Fortunately, I've learned more than enough to know not to sit around and wait for an attack to happen. Going through our Security Awareness training and participating in a Hackathon, seeing what research our cybersecurity experts are doing, and reading news about what's going on in the industry, I'm now more aware of how serious this threat really is. Everything I do is now always followed by the question: "How secure is this?"
As the Digital Marketing Manager, my job includes marketing through various online channels. Digital marketing has become one of the best ways to reach target audiences and generate leads but also one of the most risky. While securing applications is always critical, attacks often happen due to a simple, avoidable mistake like using an insecure password. Areas like digital marketing could become top targets for attacks because of this, and I'm pretty certain having a secure Twitter password isn't one of the top issues when organizations think about security. So what needs to be done about it?
Protect the Unprotected
Just like securing your personal accounts, I've learned company accounts are just as, if not more, susceptible to attacks. Any online account, whether social media, sales tools, financial resources, etc. needs to be properly secured, whether it belongs to you or the company. It's an area businesses often forget about. You can help protect your accounts by using two factor authentication, storing passwords in a password manager, or simply being smart about what you share and who you share it with. In addition to employee security awareness, I find that organizations need to put more effort into security policies. Several times throughout my career, I was given a laptop previously used by someone else at the organization and guess what? When I turned it on, all their information was still there, even saved passwords! Many times I've noticed shared accounts used insecure passwords like Companyname123 which was easy for everyone to remember but also easy for a hacker to guess. Several organizations allowed me to hook up my work email to my personal phone, and never once asked me to lock my phone or set something up to wipe the data should my phone be lost or stolen.
Most importantly, I strongly suggest getting everyone involved to teach others how to protect their accounts. We're a very collaborative group of people here. Our experts are always educating us non-technical people about new threats and what we should be doing to keep our data secured. Any time we're ready to sign up for a new online service, our engineers get involved in assessing how vulnerable that online software might be. While it's important the software helps get the job done, if it's going to put you and your organization at risk for a data breach then maybe you'll think twice before using it.
Working in the cybersecurity industry has opened my eyes to the emerging threats we face as everyday consumers. My entire job relies on using the internet and software that runs on the internet. I'm sure many of your jobs do as well. As these devices are becoming a common way of life, we often assume everything will be fine when in fact, I've learned how very little some companies integrate security into their products. So, the next time you think about buying a new car, emailing a password to your colleagues, or even sharing a photo on Facebook, I strongly advise you start asking yourself the question: “How secure is this?”