Do cyber security experts practise what they preach?

10 Oct, 2022

Min read

women outside on laptop cyber security courses

Cyber Skills Education and Public Engagement Manager, Dr. Aoife Long made it to No1 in the most read articles in RTE #brainstorm. The article asked cybersecurity experts how they keep their data safe.

The article is included below for your reading pleasure, or you can view it via the link: rte.ie/brainstorm    

---

Analysis: we ask cyber security experts about their passwords, emails, online shopping habits and usage of free wifi

By Aoife Long, Munster Technology University

Doctors make terrible patients apparently, but what about cyber security experts? Across academia and industry, cyber security experts are advising companies and researching the best way to protect data, information and the economy.

But how do these experts protect the information in their own lives? Are they using Gmail? Do they log on to the local café wifi? Let's ask the experts how they protect their data in their daily lives and how easy or not it can be.

Here is my non-random and non-representative panel of cyber security experts: Jorij Abraham is the general manager of the non-profit Global Anti-Scam Alliance who operate national websites that allow consumers to check if a website is legit. Dr Mubashir Rehmani is a lecturer at MTU and one of the country's leading experts on cyber security research.

Joanne O'Connor is cyber security training manager at Hewlett Packard Enterprise. Tony Miller is a Chief Information Security Officer at MTU, a role introduced to companies in the mid-1990s. Louise O'Hagan works with private companies, the EU Agency for Cybersecurity and the Stop.Think.Connect global campaign to raise awareness on cyber security.

Because sharing how you keep your information secure can be a security risk in itself, I’m going to fudge individual answers on most things and provide only a few quotes. A few were happy to respond but were willing to admit that even the experts aren’t always secure. Abraham commented "I would not be surprised if the 'doctors make terrible patients’ does apply if we are honest about it".

First up is email. Gmail was popular with most of the expert panel. Reasons given were loyalty, security features such as multi-factor authentication, good spam filters and the nice user interface. Having more than one account for different uses such as online shopping, work emails or personal was also commonly used. Only one expert used Outlook for everything, with business and personal emails all going to the same inbox.

My next question was about online shopping. Here, there was a range of answers, credit cards, debit cards, Paypal and Revolut. O'Connor felt that the Revolut disposable card is one of the safest ways to pay online. They have a one-time use of that card so even if your details are stolen the card cannot be used again. All of the experts are thinking about their own payment methods, and what could go wrong if the site they are buying from is breached. Only one expert was using debit cards: other mentions of these cards has noted that they were not secure and the protection from the bank is not as good as credit cards if things go wrong.

For getting online when out and about or travelling, most people aren’t using the free wi-fi, with one saying they still do with an oops in brackets. It was one of the first things that I learned not to do when I started in this cyber security job. Rehmani expanded on this: "I want to avoid keyloggers. Keyloggers are installed on computers to record everything you write. So, let’s say, if you visit a country and you enter into an unreliable internet café and you start typing your passwords or entering other credentials, all your data including passwords get logged and later can be used".

O'Hagan added "I was given a live demo of what the ‘free wi-fi’ people, who are often criminals, can see including passwords! This is something everyone should see and I guarantee there will be no-one connecting to free wi-fi ever again!’

The last question I asked was about password security. The approach here was a combination of following password rules and using password managers. The Lastpass password manager was mentioned twice. Rehmani also mentioned the haveibeenpwned.com site to check if your email is in a data breach. It didn’t come up so I’m assuming no one is using the same password across different sites.

Sites to determine the security strength of your password are becoming more common and this was highlighted as a useful feature. Having some form of code or personal rules for generating strong passwords is also part of a strong approach to password security. This could be a short phrase with special characters, or a maths statement with symbols and letters. The good news is that passwords might soon be a thing of the past. "I do look forward to a passwordless future", says O'Hagan. "I have heard this mentioned among the cyber communities recently’.

Although I didn’t directly ask about it, the responses highlighted security of devices such as phones, tablets and laptops as important, given the amount of information they now hold. These devices now use biometric security, which was seen as a good thing.

A common thread throughout the responses was that the experts understand what could go wrong, which informs their behaviour in their own lives. This does take time and forming new habits is hard, but thinking ahead and taking steps to protect your data and finances can go a long way.

Dr Aoife Long is Education & Public Engagement Manager of Cyber Skills, a Cyber Security Education project led by MTU.

The views expressed here are those of the author and do not represent or reflect the views of RTÉ.

 

Related Posts

Kinsale Cyber Safety Team

The Cyber Safety Team Visited the Kinsale Active Retirement Association

The Cyber Safety team visited the Kinsale Active Retirement Association to provide essential cybersecurity education for older adults. Supported by Research Ireland and the NCSC-IE, the session covered online safety tips, scam prevention, and password management. Engaging activities and community interaction enhanced digital literacy

Read more
Maritime Cybersecurity Challenge, cybersecurity courses

MTU hosts Simulated Maritime Cyber Attack team exercise

MTU hosts a simulated maritime cyber attack challenge in collaboration with the Irish Naval Service and NMCI, highlighting the need for cybersecurity skills to protect Ireland’s ports. This immersive event, held in MTU’s state-of-the-art Cyber Security Lab, allowed teams to tackle realistic cyber threats in a virtual port environment, advancing Cork’s role as a cybersecurity hub.

Read more
Minister and Tanaiste, Cyber security Courses

Tánaiste Micheál Martin and First Minister of Wales Visit Cyber Skills and MTU

The Cyber Skills Team at the Nimbus Research Centre  had the honor of hosting Tánaiste Micheál Martin and First Minister of Wales, Eluned Morgan, This was the First Minister's first overseas visit, marking a milestone in Ireland and Wales relations.

Read more