CEO Series: A nudge in the right direction
The price tag for cyberattacks is only getting higher. The average total cost of a data breach is now USD 3.92 million, according to the 2019 Cost of a Data Breach Report.
Is it fair to expect all employees to be experts when it comes to preventing cyber-attacks? No, I don’t think it’s fair or realistic. As employers and suppliers of network services, we are the ones responsible for mitigating risk and making it easier for employees to do the right thing.
The nudge theory, using positive reinforcements to influence behavior, is a great way to help employees down a more secure path. Passwords are a good place to start since these are the first line of defense. One simple, concrete way to “nudge” is to reward users for choosing longer passwords by extending the expiration period. Shorter passwords need to be changed frequently and passwords that appear on a list of leaked passwords shouldn’t be allowed at all.
Passwords continue to be one of the weak links in the security chain, according to recent reports. MSB, the Swedish Agency for Social Protection and Contingency, warns in a new campaign that almost half of all Swedes use the same password on several websites. Password reuse is a global problem. The 2019 State of Password and Authentication Security Behaviors Report surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany, and France, and found that 51% of respondents reuse an average of five passwords across business and personal accounts.
It’s good that this topic is raised in different forums. But I want to point out, like I’ve blogged earlier, responsibility for preventing cyberattacks cannot be put on the general public or individual employees. This must be managed within the IT systems we depend on.
MSB’s campaign is running in the month of October during European Cyber Security Month. The purpose is to raise awareness and promote cybersecurity among EU citizens.
Help spread awareness, and block the security gaps!