main

Application SecuritySecurity

Millennials and Cybersecurity: Understanding the Value of Personal Data

September 19, 2018 — by Jeff Curley2

GettyImages-546802904-960x640.jpg

From British Airways to Uber, recent data breaches have shown how valuable our data is to cybercriminals – and the lengths to which they will go to access it.

The size and impact of these breaches has meant that topics once reserved for tech experts and IT personnel have transitioned into a more mainstream conversation. Revelations about how important our data can be, such as the Cambridge Analytica scandal, have amplified these sentiments and changed the way in which many use digital services altogether.

The result is that consumers, especially millennials, are very concerned about how the organizations they are trusting with their data safeguard their information – and how they will make amends if a breach does occur.

In fact, our latest survey found that almost half of UK millennials now refuse to give up their personal data to businesses as they don’t trust them to keep that data safe.

Who Do You Trust?

Millennials are also likely to look outside the box when it comes to checking for data breaches. In our survey, almost 15% said they searched the dark web to find their data, while 13% used data breach search websites.

But while the majority are security conscious when it comes to how businesses use their personal data, many are in fact taking risks when it comes to other forms of data security, like sharing Netflix or Amazon Prime login details with friends and family.

When we consider that it has been suggested up to 80% of the population use the same password for all of their online accounts, login sharers may be inadvertently be sharing their online banking password at the same time as sharing their entertainment account login. It’s clear to see how a problem could develop.

[You might also like: Consumer Sentiments About Cybersecurity and What It Means for Your Organization]

Taking Password Hygiene Seriously

There’s currently a battle going on between security and usability, with businesses and consumers both trying to find a sweet spot between a comfortable service and providing the necessary security.

For consumers, especially millennials, there are some rules of thumb that can help in this battle.

The most important rule is also the most obvious – protect your passwords! Unsecured login credentials are today’s number one tool for cybercriminals to access user information. Usernames and passwords are for sale on the dark web by the millions and, as mentioned before, hackers know people are often using the same password on different sites so they are likely to try using these credentials on other, more valuable, sites.

We all struggle to remember some of the complicated passwords we have to create in order to gain access to some websites. That’s why the temptation to replicate credentials across sites is strong. After all, humans are not meant to remember passwords, and good passwords should be hard to memorize!

One approach to deal with the issue is to use passphrases which are easier to remember. However, this approach can still lead to the temptation to use the same passphrase everywhere and often websites prompt the user to create passwords with variations in letter case, characters, and numbers that are themselves difficult to remember.

A better approach is to let your computer do the hard work and use a password manager. Using a unique random password for each site is the best way to protect yourself from data theft online as if data leaks from one site it will have no effect on the rest of the sites you visit.  Personally, since two consecutive breaches that affected me in a space of just two weeks (each coming with a sensible advisory to reset my passwords everywhere) I have taken to using Apple iCloud Keychain to take away the pain of having to generate unique passwords everywhere.

Additionally, use two-factor authentication where available. This will ensure that even if a hacker has your password, it will be very hard to break into the site. Specifically, use two-factor authentication when you log in to your password manager.

Although using a password manager might be considered a risk by itself – you’re putting all of your passwords in one place, after all – security experts believe that the risk is still lower than any other password system. Modern password managers do a great job at keeping your passwords secret. But in order to lower the risk further, never log in to your password manager on an unknown device.

2018 Mobile Carrier Ebook

Read “The Millennial View on Data Security” today.

Download Now

Security

Deal, No Deal: The State of U.K. Cybersecurity Post-Brexit

June 14, 2018 — by Jeff Curley0

brexit-state-of-cybersecurity-960x677.jpg

A topic inescapably in the minds of us Brits is what type of relationship will the U.K. maintain with the EU post our departure, which in one transitional form or another is slated to commence 29 March 2019.

The next few months are considered to be a pivotal period for defining what this relationship will look like and of as of right now there are many unknowns, including implications for the U.K.’s cyber assurance capability.

There are broadly three domains across cybersecurity that could be impacted by the character of the agreements struck: Skills access, legal matters and threat intel sharing.

It is sensible for security leaders in U.K. -headquartered businesses to start thinking about the potential impacts and considering plans to mitigate.  The below is not an exhaustive exploration, just some initial food for thought.

DDoSSecurity

Cloud vs DDoS, the Seven Layers of Complexity

March 7, 2018 — by Jeff Curley0

cloud-vs-ddos-960x656.jpg

A question that I’ve encountered many times in the field of late is what are the impacts of DDoS attacks on cloud compute environments?  The primary benefit of cloud is that it elastically scales to meet variable demand, scale up instantly, scale down when demand subsides – in seconds…  So layman’s logic might say that cloud-based services are immune from the downtime effects of DDoS attackers, however the possibility of gigantic unexpected bills is a given?