Scoop has an Ethical Paywall
Bosses overestimate workers’ online security know how
Humans are online security’s weakest link. That’s not news. Yet New Zealand bosses will plug every other hole before they attend to the problem.
One problem is that managers have an unrealistic view of worker’s security smarts.
Aura, an Auckland-based security company is on to the problem.
From a recent Aura press
release:
Businesses can have the best protection available, but if a staff member unknowingly lets a cybercriminal into the system then it won’t matter.Independent research commissioned by Aura Information Security reveals staff are not as secure as their IT managers may think.
While 62 percent of New Zealand businesses say they carry out security training exercises with their staff, 37 percent of Kiwis say they have received training on good cyber security practices .
Good password practice
This disconnect is further emphasised by password practice. Many IT managers encourage staff to use password managers. This guards against the most common password mistakes aren’t made.
Yet, few staff take this advice. Aura says a third of employees admit to reusing the same passwords for work and personal devices and accounts.
For me, this gets to the nub of the problem. Companies are happy spending money on things. They buy security software, firewalls and even tools like password managers.
This sets up a false sense of security. It would be unfair to say they buy security products and sit back feeling safe. But there is an element of this.
In too
many cases companies don’t train their staff how to use
the shiny new security tools. Nor do they check on how
things are working in practice. If they do any training it
can be out of context. You have to explain why password
hygiene is important. People need to understand the risks
are and what the consequences could be.
Software updates
Another problem with people not updating their software to the latest versions. Updates include fixes to security recent holes. A lot of the time you can configure software for automatic update, your employees need to know this. They may need to handle the updates themselves.
All this is harder now many people work from home. They may even use their own hardware and software.
Which is why it’s important to educate people on online security basics.
Take phishing - that’s tricking people into sharing private information. It remains the most common attempted online crime.
Phishing relies on people not being trained to recognise security threats. There will be workers who don’t know this, let alone how to respond.
Tools can help online security, but the best defence is to help people develop safe habits. If you’re spending money on online security, think of budgeting at least half of the total on education.
Bosses overestimate workers’ online security know how was first posted at billbennett.co.nz.
Bill Bennett
New Zealand technology news
Bill Bennett publishes technology news and features that are directly relevant to New Zealand readers.
Covering enterprise and small business computing, start-ups, listed companies, the technology channel and devices. Bennett's main focus is on New Zealand innovation.
Bill Bennett stories are republished on Geekzone and Scoop.
Stories published on this site are available to publishers for a fixed fee or a monthly subscription.
Binoy Kampmark: The Australian Defence Formula, Spend! Spend! Spend!
Ian Powell: New Hospital Building Trumps ‘Yes Minister’ Hospital Without Patients
Mike Treen: Prices Are Still Rising - It's A Cost Of Living Crisis
Gordon Campbell: On When Racism Comes Disguised As Anti-racism
Peter Dunne: Newshub And TVNZ Tip Of Media Iceberg
Harry Finch: Austerity – For And Against