Recently, we had a reminder of how important cyber security measures are – even when they’re inconvenient. A customer of ours received a phishing email, which tricked a staff member into divulging their email login details. Armed with this info, the criminals that sent the email logged into the victim’s email account, from where they stole the entire contact database and other valuable data.
Sadly, this was an illustration of simple human error – a factor involved in a large proportion of all successful attacks. With the right training, it’s possible to greatly reduce the chances of this kind of thing happening, but even then, it can still happen.
That’s why it’s so important to take a multi-layered approach to security. In this case, the attack could have been halted by the implementation of multi-factor authentication; the criminals wouldn’t have been able to log into the compromised account without a special code sent to the mobile phone of the victim.
Unfortunately, the company had turned off two-factor authentication (2FA), because it wasn’t popular with staff, who didn’t like the extra steps involved in logging into their accounts.
This, however, is a price that we all have to pay for our ongoing security. In an ideal world, our electronic communications could go from one place to another without any barriers or checks to slow things down, but we don’t live in an ideal world, and cyber security is an absolute necessity.
The problem is that practically all security solutions cause an interruption; they’re gates that have to be opened before our data can get through. For some, including the president of the United States, that makes them too much of a hindrance to be worth bothering with.
Imagine, if you will, a world without borders. No longer would you need passports and visas to travel from country to country. Not only would it be easier to travel, it would also be quicker, because you wouldn’t have to stop and wait while humourless pen pushers analyse your travel documents in forensic detail and grill you about your life history.
But the world doesn’t work like that. In order to preserve safety and sovereignty, it’s necessary to have checks in place.
In the same way, if we were to eliminate cyber security measures, it would allow businesses to do more in less time. That’s all great, but the unwanted consequences would be as predictable as they were damaging: hackers would take advantage in no time at all.
For that reason, we all have to accept that a security-first approach to technology is essential, even if it’s not always convenient. If we have to wait a bit longer to read our emails while they’re scanned for viruses, then so be it. If passwords are harder to remember because they have to be complex, then that’s surely worth it too. And if two-factor authentication increases the time it takes to log into your accounts, then it’s best to just suck it up and be thankful for the security.
At the same time, though, security providers need to continue improving usability without compromising the integrity of their solutions. Learning curves need to be reduced and security methods need to fit seamlessly into people’s workflows. Already we’re seeing progress in these areas, with fingerprint readers, for example, speeding up logins, and trusted device policies making 2FA less of a chore to use.
There’s still plenty of work to be done in making cyber security more convenient, but in the meantime, we all need to realise that inconvenience is a small price to pay compared to the damage that can be caused by cyber crime.
If you're unsure about the quality of your organisation's cyber security, how about arranging a free IT audit with TMB? Contact us to arrange a callback.