Cyber security: A matter of digital hygiene (Part 1)
In recent weeks, HIT was hit by the WannaCry ransomware. This served as a wake-up call to all about what happens when people don’t adhere to security standards. The devastating ransomware hit that institution despite the fact that Microsoft released a patch for the exploit in March. The egregious ransomware targeted outdated systems like Windows XP, and a majority of victims were on Windows 7, which meant that they had not updated their software.
With the rapid rise in cybercrime, cyber security has to become common sense. Cyber security now has to be looked at the same way we look at personal hygiene, travel safety and other universal safety issues. According to cyber security experts, if people developed habits against cyber threats the way they have for washing hands, it would drastically reduce the number of threats, breaches, hacks and malware victims, the same way wearing seat belts can significantly reduce the risk of fatal accidents.
Look both ways before you cross the street. Put your seat belt on when you get into a car. These are personal safety habits that we have developed over time, but when it comes to cyber security this common sense is rare. There are a lot of people who still think a password is a good way of protecting their data. In 2016, Keeper Security (based in the USA) looked at 10 million passwords stolen in data breaches, and 1.7 million of them were “12345”.
This reveals that we are kind of terrible when it comes to protecting our personal data. It is the kind of environment that opens the door to things like the massive “WannaCry” attack, which largely proliferated because people were unwilling to upgrade to newer, more secure software.
Measures to reduce security threats
- Public institutions should implement security frameworks such as the ISO 27000 series in order to reduce the risk of cyber security threats.
- Ransomware targets public institutions because they usually hold a lot of valuable data that can be sold on the dark web.
- Company employees should be educated on the various attack methods that cyber criminals use such as social engineering and phishing.
- Information technology personnel should always back up company data periodically so as to reduce the impact of a cyber attack (sometimes these attacks are simply inevitable).
- Computer programs used within organisations should enforce the use of strong passwords. Instead of using a single password for every account, employees can use password-generating applications such as LastPass, which generate very strong passwords for every account.
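As an illustration of the last measure, here is one way a program could refuse weak passwords such as “12345” and produce a random one per account instead. This is an added example, not code from any product named above; the function names, the minimum length of 12 and the short blocklist are assumptions made for the sketch.

```python
import secrets
import string

MIN_LENGTH = 12  # assumed policy value, not taken from the article
# Constructed sample blocklist; a real system would load a large list of breached passwords.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein", "111111"}


def _is_sequence(pw):
    """True if each character is exactly one above (or one below) the previous one."""
    if len(pw) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def check_password(password, username=""):
    """Return the reasons a password is rejected; an empty list means it is accepted."""
    reasons = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if lowered in COMMON_PASSWORDS:
        reasons.append("common password")
    if _is_sequence(lowered):
        reasons.append("sequential characters")
    if password and len(set(lowered)) == 1:
        reasons.append("single repeated character")
    if len(username) >= 3 and username.lower() in lowered:
        reasons.append("contains username")
    return reasons


def generate_password(length=20):
    """Build a random password with the OS CSPRNG, one per account, as a generator app would."""
    alphabet = string.ascii_letters + string.digits + "-_.!@#"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):  # retry in the unlikely case it fails the policy
            return candidate


if __name__ == "__main__":
    for pw in ("12345", "abcdefghijklmnop", generate_password()):
        print(repr(pw), check_password(pw) or "accepted")
```

The check relies on length and a blocklist rather than forcing symbols, because a short password with a symbol added is still easy to guess.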