Do cyber security experts practise what they preach?

10 Oct, 2022

Min read

women outside on laptop cyber security courses

Cyber Skills Education and Public Engagement Manager, Dr. Aoife Long made it to No1 in the most read articles in RTE #brainstorm. The article asked cybersecurity experts how they keep their data safe.

The article is included below for your reading pleasure, or you can view it via the link: rte.ie/brainstorm    

---

Analysis: we ask cyber security experts about their passwords, emails, online shopping habits and usage of free wifi

By Aoife Long, Munster Technology University

Doctors make terrible patients apparently, but what about cyber security experts? Across academia and industry, cyber security experts are advising companies and researching the best way to protect data, information and the economy.

But how do these experts protect the information in their own lives? Are they using Gmail? Do they log on to the local café wifi? Let's ask the experts how they protect their data in their daily lives and how easy or not it can be.

Here is my non-random and non-representative panel of cyber security experts: Jorij Abraham is the general manager of the non-profit Global Anti-Scam Alliance who operate national websites that allow consumers to check if a website is legit. Dr Mubashir Rehmani is a lecturer at MTU and one of the country's leading experts on cyber security research.

Joanne O'Connor is cyber security training manager at Hewlett Packard Enterprise. Tony Miller is a Chief Information Security Officer at MTU, a role introduced to companies in the mid-1990s. Louise O'Hagan works with private companies, the EU Agency for Cybersecurity and the Stop.Think.Connect global campaign to raise awareness on cyber security.

Because sharing how you keep your information secure can be a security risk in itself, I’m going to fudge individual answers on most things and provide only a few quotes. A few were happy to respond but were willing to admit that even the experts aren’t always secure. Abraham commented "I would not be surprised if the 'doctors make terrible patients’ does apply if we are honest about it".

First up is email. Gmail was popular with most of the expert panel. Reasons given were loyalty, security features such as multi-factor authentication, good spam filters and the nice user interface. Having more than one account for different uses such as online shopping, work emails or personal was also commonly used. Only one expert used Outlook for everything, with business and personal emails all going to the same inbox.

My next question was about online shopping. Here, there was a range of answers, credit cards, debit cards, Paypal and Revolut. O'Connor felt that the Revolut disposable card is one of the safest ways to pay online. They have a one-time use of that card so even if your details are stolen the card cannot be used again. All of the experts are thinking about their own payment methods, and what could go wrong if the site they are buying from is breached. Only one expert was using debit cards: other mentions of these cards has noted that they were not secure and the protection from the bank is not as good as credit cards if things go wrong.

For getting online when out and about or travelling, most people aren’t using the free wi-fi, with one saying they still do with an oops in brackets. It was one of the first things that I learned not to do when I started in this cyber security job. Rehmani expanded on this: "I want to avoid keyloggers. Keyloggers are installed on computers to record everything you write. So, let’s say, if you visit a country and you enter into an unreliable internet café and you start typing your passwords or entering other credentials, all your data including passwords get logged and later can be used".

O'Hagan added "I was given a live demo of what the ‘free wi-fi’ people, who are often criminals, can see including passwords! This is something everyone should see and I guarantee there will be no-one connecting to free wi-fi ever again!’

The last question I asked was about password security. The approach here was a combination of following password rules and using password managers. The Lastpass password manager was mentioned twice. Rehmani also mentioned the haveibeenpwned.com site to check if your email is in a data breach. It didn’t come up so I’m assuming no one is using the same password across different sites.

Sites to determine the security strength of your password are becoming more common and this was highlighted as a useful feature. Having some form of code or personal rules for generating strong passwords is also part of a strong approach to password security. This could be a short phrase with special characters, or a maths statement with symbols and letters. The good news is that passwords might soon be a thing of the past. "I do look forward to a passwordless future", says O'Hagan. "I have heard this mentioned among the cyber communities recently’.

Although I didn’t directly ask about it, the responses highlighted security of devices such as phones, tablets and laptops as important, given the amount of information they now hold. These devices now use biometric security, which was seen as a good thing.

A common thread throughout the responses was that the experts understand what could go wrong, which informs their behaviour in their own lives. This does take time and forming new habits is hard, but thinking ahead and taking steps to protect your data and finances can go a long way.

Dr Aoife Long is Education & Public Engagement Manager of Cyber Skills, a Cyber Security Education project led by MTU.

The views expressed here are those of the author and do not represent or reflect the views of RTÉ.

 

Related Posts

Dr Donna OShea, Cybersecurity courses

Dr. Donna O’Shea Nominated for STEM Woman of the Year Award 2024

Dr. Donna O'Shea, Chair of Cybersecurity at MTU and Cyber Skills Project Lead, has been nominated for STEM Woman of the Year at the 2024 Women in STEM Awards. This nomination recognizes her significant contributions to Ireland's cybersecurity landscape and her efforts to promote diversity in STEM. Join us on October 24th for a night celebrating inspiring women shaping the future of STEM in Ireland.

Read more
Cybersecurity Awareness Course for University Lecturers

Free Online Cybersecurity Awareness Course for Teaching and Learning in Higher Education

Enhance your cybersecurity skills with a free, 6-week online course designed for educators in tertiary education. Learn to protect digital classrooms from cyber threats and safeguard student data with expert-led instruction from Cyber Skills and the National Forum for the Enhancement of Teaching and Learning. Starts October 4, 2024—sign up today!

Read more
Cyber Ireland

Cyber Skills and Cyber Innovate at Cyber Ireland National Conference 2024

Cyber Skills and Cyber Innovate will be actively participating in the upcoming Cyber Ireland National Conference (CINC) on Thursday, 26th September 2024, at the Lyrath Estate Hotel, Kilkenny. This premier event unites the cyber security community, featuring leaders from industry, academia, and government.

Read more