Passwords and other cybersecurity issues under renewed scrutiny

IAM vendors who store or replicate passwords are not fit for purpose, warns Secure Cloudlink

Most people probably have favourite words or numbers that they include in the passwords they use for logging in to their emails or other online services. 

People tend to use memorable words and numbers either separately or in combination in their passwords.

This makes passwords vulnerable to a certain extent, but what makes things worse is that many people use the same password for many different online services – from email to online shopping.

Tech websites often round up popular passwords and make a list out of them, and you find that the word “password” is actually used as a password by more people than almost anything else.

The password that’s more popular is even worse – it’s “123456”. That’s according to Gizmodo.

Such practices have been in place for decades, started by the older generation who probably felt overwhelmed by being asked to remember a password at all.

And while you might think younger people would be better at coming up with clever passwords, surveys show this is not the case.

According to a recent study, 52 per cent of British people aged from 18 to 25 are using the same password for many different online services.

The UK government’s Cyber Aware campaign, which was behind the survey, adds that about 79 per cent of the 2,261 respondents across all ages said they had sent bank details or copies of passports and driving licences via messaging systems.

EM360º asked a couple of UK-based experts for their views on passwords and cybersecurity in general, and below is what they had to say.

Rob Norris, VP head of enterprise and cyber security EMEIA at Fujitsu

“With cyber-attacks a regular occurrence in today’s headlines, it is distressing to see that the public still hasn’t taken steps to better protect their personal information online.

“Every one of us who has ever used the internet from their mobile, PC, laptop or tablet, shopped online or opened an email account is now a potential target to hackers.

“While it is now commonly accepted that neither using a combination of symbols, numbers and letters nor changing passwords periodically can keep accounts safe from cyber threats, using different passwords for different applications is paramount. In this way, if one account is compromised, the rest of them are still safe.

“One thing users should also consider is two-factor authentication alternatives where possible. As passwords and PIN numbers are increasingly being considered a thing of the past because they can be copied, stolen, guessed or shared easily, consumers should be considering biometrics such as facial, voice, iris, palm or fingerprint, for an additional layer of protection.

“There are no more excuses for users to put cyber security on the backbench – we need to stay ahead of the curve when it comes to safeguarding our technology and be vigilant when it comes to our practices.”

Darren Hockley, MD of eLearning provider DeltaNet International 

“There are so many reasons why a business’ security may be compromised today, and as we find more ways to stop the hackers from exploiting our internal systems, it seems that they too are finding new techniques to wreak havoc.

“You only need to read the news to see that data protection breaches are becoming more and more commonplace and whilst it’s true cybercriminals seem to target bigger brands, no business should take cybersecurity lightly; its effects can be extremely damaging.

“Not only does GDPR bring about larger fines for non-compliance, but breaches can have a devastating effect on your business’s reputation.

“While it’s true that most data security breaches originate from external sources, the biggest threat to your IT infrastructure is your employees.

“Uneducated employees run the risk of falling victim to social engineering and ‘man-in-the-middle’ attacks, for example, and the risk is even higher in workplaces that have adopted flexible working practices.

“Something as simple as working on company laptops or phones from unsecured, public Wi-Fi networks, or accessing sites without the secure ‘https’ protocol can cause an issue.

“It’s vital that employees are able to spot the warning signs of cyber-attacks themselves, and know who to speak to should they suspect a data breach has occurred.

“Under GDPR, breaches must be reported to the ICO within 72 hours of an organisation becoming aware of it.

“Cybersecurity is a complex topic and training that should be broken down into easy-to-digest sessions which are interactive where possible.

“Training material should be readily available to staff to refresh their knowledge and should be continually updated to reflect updates to legislation, and new regulations coming into force.”