'Data Data Everywhere' a Precarious Situation! Cyber Safety is now Everyone's Responsibility.
You are about to present in a board meeting. Oh no, you are locked out of your system and now required to change your password due to the strict password management policy. You never really understood why the password has to be complex or different; you just want to get the job done. So on the spot, right now, you, "John Smith" the hard-working employee, are frantically changing your password while everyone is looking left and right, sometimes at you, and waiting for your presentation to begin....
There is always an explanation for why things go wrong, but the key is whether the reasons uncovered are acceptable or palatable. So to explain your situation you whiz through events as they unfolded earlier this morning, and it went something like this.... The morning alarm is ringing. After snoozing the app on your "smart" phone a few times you realise it's time to get up. You rush to get yourself ready, and luckily "Alexa" knows what you want to hear, so the rushing is more enjoyable, while of course you are stressing about being late to the meeting you want to reach on time. You get yourself in the car and, lo and behold, the maps linked to your smart phone already know your work destination and the best route to avoid the road where a car crash due to phone distraction caused a road closure in the early hours of the morning (you find this out later, of course). So you rush to your meeting and, guess what, your presentation on the USB stick you saved so meticulously just won't work on the meeting room's system. So you frantically take out your laptop, realising that you were actually required to change your password last night to another complex password, but you forgot to do it.
So what do you do... Yes, like every other human being on the spot, you put your most memorable password into your corporate laptop, not realising that the site where you last used it was hit by a data breach and all the accounts, including yours, were reset due to password compromise. You don't understand what that means, as you think in your mind: wait a minute, that was a different site, this is different, so what if I use the same password, "how would anyone know?" Now basically you have put in the line of fire not just yourself but also all the confidential data you hold in your account and the access to any other system you may have from your system. Also, if you have been reusing the password on any other application, email, social media... the impact of a successful attack using your password would be not just on company confidential data but on your own confidential data, which you had been feeding to the behemoth data hoarders like Google, Amazon, Microsoft, Bing, LinkedIn, eBay, Facebook, Apple (or let's just shorten it to GAMBLE). So while you are happy and trust the GAMBLE sites, you, along with billions of other users, have created a massive can of worms. Attackers out there love the fact that you can't deal with so much data.
Data, Data Everywhere!!!!
Now I am not saying everyone is not going through a challenge when they change their password, but honestly and empathetically speaking, folks who do not bear the title of "cyber security professionals" do try to focus on their core task of delivering whatever they are supposed to deliver at work, and that is a giant ask in the first place. When it comes to the security of a system, yes, you as a loyal employee want to do the right thing, but you just can't be bothered to go through all the hoops, courses and awareness material spread out by your Company Security and Compliance team. Many of you naturally tune out from such courses when they are played on your system (yes, I know, I had those frank conversations with colleagues who just can't bear it), so naturally you complete the task your line manager assigned you, thereby ensuring for your company's board members that if the worst happens the audit team can nicely present the evidence of compliance, and if there are to be any costs, the insurance premiums that had been eating into the profits will come to use, or fines will be reduced, as the company did all it could.
OK, don't get me wrong: organisations are focused on their core business and non-security employees are focused on their core job, so without being any kind of judge I do understand why things don't work on a personal level as well as a corporate level.
You, the hard-working employee who is in no way a hacker and has not done anything vaguely bad, need to understand what is happening around you before applying the useful advice given by your "Security Team" in a very systematic way. You need to realise that you are the "Vector" for a determined and sophisticated "Attacker"; you could be the medium for the next big security failure affecting your life or your company's profitability. You could be the weakest link in the chain of security defences on which your company has spent millions of dollars/pounds/euros (or your local currency equivalent) and countless hours (everyone has the same amount of hours, just spend them wisely :)).
As a modern-day workforce and society we need to realise that what we do in our personal domain, public domain or work domain is all linked and connected, more so than in the baby boomers' generation and even the hundreds of generations before them. Anything and everything we do is logged in a system, and keeping a simple chat or a seemingly benign "note to self" confidential is now a challenge unless you, the medium, play smart and own the task of educating yourself about the threats of the new world order.
Let the self education in Cyber Safety begin :)