Do cyber security experts practise what they preach?

10 Oct, 2022

Min read

women outside on laptop cyber security courses

Cyber Skills Education and Public Engagement Manager, Dr. Aoife Long made it to No1 in the most read articles in RTE #brainstorm. The article asked cybersecurity experts how they keep their data safe.

The article is included below for your reading pleasure, or you can view it via the link: rte.ie/brainstorm    

---

Analysis: we ask cyber security experts about their passwords, emails, online shopping habits and usage of free wifi

By Aoife Long, Munster Technology University

Doctors make terrible patients apparently, but what about cyber security experts? Across academia and industry, cyber security experts are advising companies and researching the best way to protect data, information and the economy.

But how do these experts protect the information in their own lives? Are they using Gmail? Do they log on to the local café wifi? Let's ask the experts how they protect their data in their daily lives and how easy or not it can be.

Here is my non-random and non-representative panel of cyber security experts: Jorij Abraham is the general manager of the non-profit Global Anti-Scam Alliance who operate national websites that allow consumers to check if a website is legit. Dr Mubashir Rehmani is a lecturer at MTU and one of the country's leading experts on cyber security research.

Joanne O'Connor is cyber security training manager at Hewlett Packard Enterprise. Tony Miller is a Chief Information Security Officer at MTU, a role introduced to companies in the mid-1990s. Louise O'Hagan works with private companies, the EU Agency for Cybersecurity and the Stop.Think.Connect global campaign to raise awareness on cyber security.

Because sharing how you keep your information secure can be a security risk in itself, I’m going to fudge individual answers on most things and provide only a few quotes. A few were happy to respond but were willing to admit that even the experts aren’t always secure. Abraham commented "I would not be surprised if the 'doctors make terrible patients’ does apply if we are honest about it".

First up is email. Gmail was popular with most of the expert panel. Reasons given were loyalty, security features such as multi-factor authentication, good spam filters and the nice user interface. Having more than one account for different uses such as online shopping, work emails or personal was also commonly used. Only one expert used Outlook for everything, with business and personal emails all going to the same inbox.

My next question was about online shopping. Here, there was a range of answers, credit cards, debit cards, Paypal and Revolut. O'Connor felt that the Revolut disposable card is one of the safest ways to pay online. They have a one-time use of that card so even if your details are stolen the card cannot be used again. All of the experts are thinking about their own payment methods, and what could go wrong if the site they are buying from is breached. Only one expert was using debit cards: other mentions of these cards has noted that they were not secure and the protection from the bank is not as good as credit cards if things go wrong.

For getting online when out and about or travelling, most people aren’t using the free wi-fi, with one saying they still do with an oops in brackets. It was one of the first things that I learned not to do when I started in this cyber security job. Rehmani expanded on this: "I want to avoid keyloggers. Keyloggers are installed on computers to record everything you write. So, let’s say, if you visit a country and you enter into an unreliable internet café and you start typing your passwords or entering other credentials, all your data including passwords get logged and later can be used".

O'Hagan added "I was given a live demo of what the ‘free wi-fi’ people, who are often criminals, can see including passwords! This is something everyone should see and I guarantee there will be no-one connecting to free wi-fi ever again!’

The last question I asked was about password security. The approach here was a combination of following password rules and using password managers. The Lastpass password manager was mentioned twice. Rehmani also mentioned the haveibeenpwned.com site to check if your email is in a data breach. It didn’t come up so I’m assuming no one is using the same password across different sites.

Sites to determine the security strength of your password are becoming more common and this was highlighted as a useful feature. Having some form of code or personal rules for generating strong passwords is also part of a strong approach to password security. This could be a short phrase with special characters, or a maths statement with symbols and letters. The good news is that passwords might soon be a thing of the past. "I do look forward to a passwordless future", says O'Hagan. "I have heard this mentioned among the cyber communities recently’.

Although I didn’t directly ask about it, the responses highlighted security of devices such as phones, tablets and laptops as important, given the amount of information they now hold. These devices now use biometric security, which was seen as a good thing.

A common thread throughout the responses was that the experts understand what could go wrong, which informs their behaviour in their own lives. This does take time and forming new habits is hard, but thinking ahead and taking steps to protect your data and finances can go a long way.

Dr Aoife Long is Education & Public Engagement Manager of Cyber Skills, a Cyber Security Education project led by MTU.

The views expressed here are those of the author and do not represent or reflect the views of RTÉ.

 

Related Posts

Cyber Skills Courses

Guarding Ireland’s Industrial Backbone: The Role of Operational Technology.

Discover UL Professor Tom Newe's insightful article in Silicon Republic, where he addresses the growing cybersecurity challenges faced by legacy operational technology (OT) systems. Highlighting the critical shortage of skilled OT security professionals, Tom underscores the importance of specialized training programs. Learn about the Professional Diploma in OT Security at the University of Limerick, designed to equip participants with practical skills to protect integrated IT-OT environments.

Read more
Donna OShea, Josette O'Mullane and Simon Coveney at the Cyber Innovate Launch holding up long LED lights in front of the Cyber Innovate banner in Cork jail.

Applications Open Now- Cyber Innovates Cyber Security Scholarship with MTU.

Applications Now Open- Cyber Innovates Cyber Security Scholarship with MTU. This initiative aims to foster a new generation of cybersecurity innovators and entrepreneurs by offering a comprehensive 10-month programme coupled with a tax-free scholarship of €38,000. Successful candidates will not only receive a postgraduate qualification in cybersecurity innovation but will also have the opportunity to contribute to the creation of new startups and innovations. No prior experience needed.

Read more
Donna Prime Time cyber security courses

Dr. Donna O'Shea on Prime Time discussing the HSE cyber attack

RTE Prime Time covers the devastating cyber attack on the HSE, the gangs behind the crime, how it was orchestrated and the implications for those affected.

Read more