“Many senior executives are known to be so busy that they delegate their passwords to staff in order to avoid stalling operations requiring their digital interventions or approvals.”
By Bernard Wainaina
Is your company or organisation doing corporate blogging?
If yes,your site is a sitting duck for online hackers.
Several reasons contribute to this online security weak links and I will try to highlight some of them,but the main culprit is a share password among the staff entrusted to post on the blog,website,or a social media handle on behalf of your outfit.
The human being, it is often said, is the weakest link in any security framework.
Put differently, if governments enacted the necessary cyber-security laws while the judiciary, prosecution and the police upgraded their ICT skills appropriately, Netizens(Online citizens of the world) would still be vulnerable online unless they
too did their bit.
Most netizens are street-savvy and stay out of danger by not walking along certain streets or not driving through certain roads after dark.
However, the same netizens do not take similar safety measures online and therefore present easy targets to an increasing number of cyber-criminals.
Take, for example, the matter of passwords.
There is a good number of users whose password is either their name or the name of their girlfriend, boyfriend or some close relative.
If your name is say, David Kamau, please be more creative and avoid a password like “davidkamau” because that is what the hackers begin with in their effort to guess your password.
Of course the reasons users prefer simple passwords is because they do not want to forget them, but unfortunately this makes life easy for the hackers.
To meet the conflicting demands of a strong but memorable password, users should mix letters and numbers while sounding out some words.
“Eye_Se@_Se@” for the word “ICC” or “8-f0re-f0re” for the phrase “8-4-4” would form good password examples, in that they are not uniquely attributable to you, are fairly long and complex, and remain easy to remember.
Don’t adopt these specific examples, of course, but think along these lines when coming up with your complex but memorable passwords.
Many senior executives are known to be so busy that they delegate their passwords to staff in order to avoid stalling operations requiring their digital interventions or approvals.
This brings us to password sharing, another human weak link in the security framework.
Of what use is a complex password if you give it to your secretary or personal assistant, who may then share it with their friend or colleague?
ONE PASSWORD MANY ACCOUNTS
Another emerging problem is the blurring lines between the social and corporate lives of employees.
Many executives, politicians and public figures today have active social media accounts on Twitter, Facebook and LinkedIn amongst other networks.
Rather than trying to remember different passwords for the many accounts, these folks tend to share one password across these accounts which exponentially increases their exposure to attacks.
Hackers may compromise one social media password,and use that to gain entry into the rest of the accounts that may include corporate emails and databases.
The moral of the story is that one should keep their social media passwords very different from corporate and other passwords.
Similarly, but on a more personal level, if you have an online banking account, please ensure that your banking password is different from your Twitter or Facebook password, otherwise you are a big victim waiting to happen.
Another area that is popular for harvesting passwords is that favorite pub or coffee shop offering free Wi-fi or Internet hotspots.
Many of the facilities offering free Internet do not have professionally installed hotspots.
This means that hackers can easily gain control of the hotspot and plant a “listener” that proceeds to monitor communications and harvest important passwords from innocent customers.
Does it mean we should not enjoy free internet services at restaurants, pubs, coffee shops or airports?
Just like you know when it is safe to walk across that lonely street, or when to visit that ATM machine, you should also be able to judge which free hotspots are likely to be poorly managed and avoid them.
However, the general rule irrespective of the facility is that sensitive tasks such as online banking should never be executed over random, free wireless hotspots.
User devices such as laptops, tablets and mobile phones present the highest source of risk within a security framework.
This is particularly true because mobile
devices today are internet-enabled, meaning that users tend to be continuously logged on, even when not using them.
If you lost your mobile phone or tablet today, chances are that the thief would have automatic access to your email and possibly your social network accounts.
They can essentially pretend to be you, the classic case of identity theft.
FAKE DISTRESS MESSAGES
Having acquired your identity, they can proceed to change your password and lock you out of your services, and then with your account, start sending fake SOS messages, claiming that you are stranded in a some
remote banana republic, and urgently need dollars from your friends and relatives to get you out of a mess.
What, then, should online users do?
There is never going to be a situation that is 100 per cent secure– unless you decide to switch off your online services and retreat to life in a cave like our forefathers.
The preferred option,then, is to stay online, but ensure you enhance your online security awareness, and remain street-savvy on the information superhighway.
“The African Story as told by Africans”.©African News Digest®