It has hardly been a quiet year in terms of IT security so far. The massive breach of a major international credit reference agency, disclosed in September, exposed the highly sensitive personal data of millions of people. A ransomware attack in May took down key IT systems around the world, and even caused UK hospitals to cancel planned operations thanks to the disabling of National Health Service computers. Apple lost the element of surprise when intricate details of their new iOS 11 software were leaked before launch in September.
All of this just highlights the relevance of European Cyber Security Month, taking place this October. While it is easy to say with hindsight, it is likely that at least some of the impact of this year’s cybersecurity breaches could have been avoided, had simple security principles been followed.
Of course, we all want, and expect, large organisations that handle our data to make security a priority. But the truth is that IT security is important for everyone. Employees handling sensitive personal data, or trade secrets, have the ability to hurt their customers or companies. Individuals using computers, tablets or smartphones, can easily fall victim to threats like phishing for personal data, installing malware, or having their online accounts breached.
There are lots of technical aids to better IT security, but even with tools like two-factor authentication, password managers, and anti-virus software, it is clear that technology alone is not enough of a protection. Awareness of the risks and knowledge of how to avoid them is key. After all, a phishing email pretending to come from your bank might fool a spam-filter, but if you understand the tell-tale signs, know what information banks will never ask for via email, and know how to verify with your bank if the request is genuine, you could avoid falling victim to a costly scam.
European Cyber Security Month, an initiative of the EU, puts the spotlight on IT security, with a focus on cyber-security in the workplace, privacy and data protection, cyber-security at home, and skills for cyber-security.
As we wrote in our IT Security Skills position paper last year, “Ultimately, it is the actions of the human user that increase the level of exposure to IT security breaches. Installing the most heightened automated security measures and prescriptive policies is only a partial solution. Most of the cyber security breaches could be prevented and high costs avoided if people followed simple IT security principles like using secure passwords, installing antivirus and malware software, and not clicking on suspicious links.”