Top Scoops

Book Reviews | Gordon Campbell | Scoop News | Wellington Scoop | Community Scoop | Search


Bosses overestimate workers’ online security know how

Humans are online security’s weakest link. That’s not news. Yet New Zealand bosses will plug every other hole before they attend to the problem.

One problem is that managers have an unrealistic view of worker’s security smarts.

Aura, an Auckland-based security company is on to the problem.

From a recent Aura press release:

Businesses can have the best protection available, but if a staff member unknowingly lets a cybercriminal into the system then it won’t matter.

Independent research commissioned by Aura Information Security reveals staff are not as secure as their IT managers may think.

While 62 percent of New Zealand businesses say they carry out security training exercises with their staff, 37 percent of Kiwis say they have received training on good cyber security practices .

Good password practice

This disconnect is further emphasised by password practice. Many IT managers encourage staff to use password managers. This guards against the most common password mistakes aren’t made.

Yet, few staff take this advice. Aura says a third of employees admit to reusing the same passwords for work and personal devices and accounts.

For me, this gets to the nub of the problem. Companies are happy spending money on things. They buy security software, firewalls and even tools like password managers.

This sets up a false sense of security. It would be unfair to say they buy security products and sit back feeling safe. But there is an element of this.

In too many cases companies don’t train their staff how to use the shiny new security tools. Nor do they check on how things are working in practice. If they do any training it can be out of context. You have to explain why password hygiene is important. People need to understand the risks are and what the consequences could be.

Software updates

Another problem with people not updating their software to the latest versions. Updates include fixes to security recent holes. A lot of the time you can configure software for automatic update, your employees need to know this. They may need to handle the updates themselves.

All this is harder now many people work from home. They may even use their own hardware and software.

Which is why it’s important to educate people on online security basics.

Take phishing - that’s tricking people into sharing private information. It remains the most common attempted online crime.

Phishing relies on people not being trained to recognise security threats. There will be workers who don’t know this, let alone how to respond.

Tools can help online security, but the best defence is to help people develop safe habits. If you’re spending money on online security, think of budgeting at least half of the total on education.

Bosses overestimate workers’ online security know how was first posted at

© Scoop Media

Top Scoops Headlines


Ian Powell: Pay Freezes, Health Systems And Medical Specialists

What has a pay freeze got to do with a universal public health system? Actually quite a lot. Health systems, especially public hospitals which handle the more complex and urgent cases that the rest of the system can’t fix, are by their very nature ... More>>

Forgetting Citizenship: Australia Suspends Flights From India

As India is being devastated by COVID-19 cases that have now passed a daily rate of 400,000, affluent and callous Australia has taken the decision to suspend all flights coming into the country till mid-month. The decision was reached by the Morrison ... More>>

Digitl: UK Spy Chief: “The West Has To Go It Alone On Tech"

“Cybersecurity is an increasingly strategic issue that needs a whole-nation approach. The rules are changing in ways not always controlled by government. More>>

The Conversation: Without The Right Financial Strategies, NZ’s Climate Change Efforts Will Remain Unfinished Business

When it comes to climate change, money talks. Climate finance is critical for enabling a low-emissions transition. This involves investment and expenditure — public, private, domestic and transnational — that demonstrably contributes to climate ... More>>

Dr Terrence Loomis: Does Petroleum Industry Spying Really Matter?

Opinion: Nicky Hager’s latest revelations about security firm Thompson and Clark’s ‘spying’ on climate activists and environmental organisations on behalf of the oil and gas industry and big GHG emitters makes entertaining reading. But it does ... More>>

Mixed Sight: New Zealand, The Five Eyes And China

The Five Eyes arrangement between the United States, United Kingdom, Canada, Australia and New Zealand has always resembled a segregated, clandestine club. Focused on the sharing of intelligence between countries of supposedly like mind, it has shown that ... More>>