Analysis: we ask cyber security experts about their passwords, emails, online shopping habits and usage of free wifi
By Aoife Long, Munster Technology University
Doctors make terrible patients apparently, but what about cyber security experts? Across academia and industry, cyber security experts are advising companies and researching the best way to protect data, information and the economy.
But how do these experts protect the information in their own lives? Are they using Gmail? Do they log on to the local café wifi? Let's ask the experts how they protect their data in their daily lives and how easy or not it can be.
We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences
From RTÉ News, cyber security experts meet in Dublin in June 2022 to discuss how to tackle online threats
Here is my non-random and non-representative panel of cyber security experts: Jorij Abraham is the general manager of the non-profit Global Anti-Scam Alliance who operate national websites that allow consumers to check if a website is legit. Dr Mubashir Rehmani is a lecturer at MTU and one of the country's leading experts on cyber security research.
Joanne O'Connor is cyber security training manager at Hewlett Packard Enterprise. Tony Miller is a Chief Information Security Officer at MTU, a role introduced to companies in the mid-1990s. Louise O'Hagan works with private companies, the EU Agency for Cybersecurity and the Stop.Think.Connect global campaign to raise awareness on cyber security.
Because sharing how you keep your information secure can be a security risk in itself, I’m going to fudge individual answers on most things and provide only a few quotes. A few were happy to respond, but were willing to admit that even the experts aren’t always secure. Abraham commented "I would not be surprised if the 'doctors make terrible patients’ does apply if we are honest about it".
We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences
From RTE Radio 1's Today with Claire Byrne, cyber security expert Ronan Murphy from Smart Tech on recent cyber attacks
First up is email. Gmail was popular with most of the expert panel. Reasons given were loyalty, security features such as multi-factor authentication, good spam filters and the nice user interface. Having more than one account for different uses such as online shopping, work emails or personal was also commonly used. Only one expert used Outlook for everything, with business and personal emails all going to the same inbox.
My next question was about online shopping. Here, there was a range of answers, credit cards, debit cards, Paypal and Revolut. O'Connor felt that the Revolut disposable card is one of the safest ways to pay online. They have a one-time use of that card so even if your details are stolen the card cannot be used again. All of the experts are thinking about their own payment methods, and what could go wrong if the site they are buying from is breached. Only one expert was using debit cards: other mentions of these cards has noted that they were not secure and the protection from the bank is not as good as credit cards if things go wrong.
For getting online when out and about or travelling, most people aren’t using the free wi-fi, with one saying they still do with an oops in brackets. It was one of the first things that I learned not to do when I started in this cyber security job. Rehmani expanded on this: "I want to avoid keyloggers. Keyloggers are installed on computers to record everything you write. So, let’s say, if you visit a country and you enter into an unreliable internet café and you start typing your passwords or entering other credentials, all your data including passwords get logged and later can be used".
We need your consent to load this comcast-player contentWe use comcast-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences
From RTÉ Brainstorm, why password rules and restrictions don't work
O'Hagan added "I was given a live demo of what the ‘free wi-fi’ people, who are often criminals, can see including passwords! This is something everyone should see and I guarantee there will be no-one connecting to free wi-fi ever again!’
The last question I asked was about password security. The approach here was a combination of following password rules and using password managers. The Lastpass password manager was mentioned twice. Rehmani also mentioned the haveibeenpwned.com site to check if your email is in a data breach. It didn’t come up so I’m assuming no one is using the same password across different sites.
Sites to determine the security strength of your password are becoming more common and this was highlighted as a useful feature. Having some form of code or personal rules for generating strong passwords is also part of a strong approach to password security. This could be a short phrase with special characters, or a maths statement with symbols and letters. The good news is that passwords might soon be a thing of the past. "I do look forward to a passwordless future", says O'Hagan. "I have heard this mentioned among the cyber communities recently’.
The responses show that the experts understand what could go wrong, which informs their own behaviour
Although I didn’t directly ask about it, the responses highlighted security of devices such as phones, tablets and laptops as important, given the amount of information they now hold. These devices now use biometric security, which was seen as a good thing.
A common thread throughout the responses was that the experts understand what could go wrong, which informs their behaviour in their own lives. This does take time and forming new habits is hard, but thinking ahead and taking steps to protect your data and finances can go a long way.
Dr Aoife Long is Education & Public Engagement Manager of Cyber Skills, a Cyber Security Education project led by MTU.
The views expressed here are those of the author and do not represent or reflect the views of RTÉ
