*by Roberto Engler
Last year we experienced a “digital boom”. An unexpected global pandemic has led us to migrate our daily activities to the online world. We adopt new products and services to work, interact with others, shop and interact with companies from the comfort of our homes. Companies have also gone through a similar process. They had to allow their workforce to work remotely while creating digital experiences for us, their customers.
A new IBM global study has shown that consumer reliance on digital channels increased significantly during the pandemic. However, this drastic switch to digital also had “side effects” on security. The study also found that convenience preferences often minimize concerns about cybersecurity and data privacy, leading to lax behavior in this area.
What were some of the side effects of this digital boom?
Continuity of digital impact: On average, respondents created 15 new accounts online during the pandemic, but 44% report they do not plan to remove or disable any of them. With a growing digital presence, there is a greater attack surface for attackers.
password fatigue: 82% of people surveyed in Brazil reuse credentials in several of their accounts. This means that many of the accounts created were likely based on email and password combinations that may have already been exposed to cybercriminals through past data theft.
Convenience often trumps security and privacy: More than half (51%) of millennials respondents prefer to place an order through a potentially unsafe website or app rather than calling or going to a physical location in person. Thus, the burden of security to prevent fraud falls even more on companies.
To continue to enjoy the convenience of digital interactions, everyone must take steps to protect their privacy and security. Considering how our actions impact the current and future security landscape, adding little extra steps can help us avoid headaches. IBM Security recommends these five easy ways to improve our cyber security today:
- Use a password manager. Instead of trying to memorize multiple passwords or store them insecurely on a notebook or phone, you can use these apps, which not only generate strong passwords, but also save account information for each site we're registered to, no need to memorization.
- Include security options for each of the accounts. In addition to ensuring that access credentials (email and password) are different for each of the accounts, enabling two-step or multi-factor authentication (MFA), such as using fingerprint or voice identification, adds a layer of extra security to applications.
- Configure an authentication application. Instead of identifying yourself with a code that arrives via email or text message, install an authentication app. These apps generate a code using a unique algorithm that they assign to your phone when the app is installed, meaning that only your physical device has the codes, making them harder to intercept.
- Clean cell phone. It's a good idea to inventory your apps and disable those that aren't used regularly or that have questionable security and privacy controls. Pay attention to the privacy permissions that are required in apps, and consider whether you need to accept those permissions to use them effectively. Remember that deleting the app does not delete the account.
- “Lie” on password reset questions. Cyber attackers can often obtain information on social media that most people would use to reset their passwords, such as the mother's last name, the name of a pet or school, and so on. But if we “lie” about these security issues, the cyber attacker won't be able to guess them.
Given the amount of information we interact with through our accounts and apps, it's critical that individuals and businesses increase their knowledge of the types of cyber threats and smart digital habits to effectively protect ourselves.
To view the full report on the survey, visit: https://ibm.biz/IBMSecurity_ConsumerSurvey
* Roberto Engler, IBM Security Leader for Brazil
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies