Safer Internet Day (SID) launched four years ago today. Largely aimed at helping consumers and young people to be safe and responsible users of digital technologies, however, the benefits of extending it to a corporate audience has unfortunately been widely ignored by enterprises.
They have, of course, participated in the education programmes organised by SID, but I wonder if as well as helping promote e-safety externally the day offers an opportunity for a little internal communication as well?
Enterprises and organisations across the public and private sectors have invested heavily in security technologies to reduce risk and security breaches. But technology is only part of the puzzle; you can have the most intuitive system in the world, but if your employees aren’t cyber-savvy then it presents a real problem. A welcome vulnerability that hackers will exploit for their own gain, because human habits and nature are, quite often, the Achilles heel of security.
Warnings about password hygiene and not opening suspicious emails might be in bold typeface and underlined in your Acceptable Use Policy, but the fact is such behaviour is common. I bet if you walked around your organisation now you’d probably even find passwords written down on a piece of paper.
Just how free and easy employees are with their passwords was underscored by Sailpoint’s Market Pulse survey, which found that 20 per cent of those questioned shared their passwords with team mates. A further one in seven would even sell their password for £100!
To employees, passwords are a commodity and a tradable one at that. Whilst requesting them to use a different password to access different services and applications might seem like a reasonable request to you, to them it is a pain. The likelihood is that rather than striving to remember many, they’re using the same password to access all corporate data as well as secure their mobile device/laptop etc. Passwords, let’s face it, are not great. But for the time being, until biometrics are widely commoditised, they’re all we’ve got.
Just like we have to mitigate the element of human error in the spread of malware, BYOD and cloud services. Passwords are just one, although prolific, example. Hackers are hunting down vulnerable businesses and exposing them, sometimes for a political message, sometimes to cause embarrassment and other times just because they can.
Against this back drop you simply cannot engage your employees enough around the topic of good security behaviours. They are the cornerstone of your security policy and investing in their knowledge will surely reap dividends in the long run.
For that reason I would urge companies from the very small to the very large to get behind Safer Internet Day. The principles of safety and responsibility that lie at the very heart of the day itself have never been more prevalent to businesses.
Charles Sweeney is CEO of Bloxx