OpenVPN explains just how bad employees are at maintaining corporate security

Greg S

TS Evangelist

Every week that goes by more headlines of hacks and data breaches are surfacing. In a recent study conducted by OpenVPN, a number of bad habits have been revealed. Although the results are unsurprising, it should come as a reminder to use best practices for security and maybe consider listening to the IT department once in awhile.

Out of the 500 full-time US employees, 25 percent admitted to using the same password for nearly everything. Once one database or website is hacked, malicious entities will attempt to use recovered credentials on other sites and businesses knowing full well that many users have poor habits.

When clicking links, 23 percent of employees stated that they did not bother to check where the destination site was before proceeding. In my opinion, this actually seems quite low. Phishing and social engineering attacks using deceptive links in legitimate looking emails have become a highly effective vector for gaining entry.

One countermeasure to weak passwords and widespread reuse is adopting biometric authentication. Having a software tool to securely store a variety of complex passwords that meet minimum criteria removes the need to remember dozens of phrases with no easily readable form. Over 77 percent of employees believe biometric options are safe to use and 62 percent think that they are better than traditional passwords.

Despite the high levels of trust with biometric options, only 55 percent of the surveyed employees are using technologies such as fingerprint scanning and facial recognition. It should be noted that some corporations do not allow for the use of biometric options for authentication.

In order to better combat cyber threats, employees must be properly trained and be able to recognize the signs of potential attacks. Regular training sessions are often unexciting and can be a drag to sit through for those even remotely tech savvy. OpenVPN has found that offering incentives for reporting obvious red flags can keep employees more engaged and less likely to fall into bad habits.

Just as you should wash your hands after certain activities, cyber hygiene is the concept of following best practices to maintain a secure environment for electronics. Preventing infections requires good habits all the time. Even with proper protocols in place, it is difficult to fight against still unknown threats.

Permalink to story.

 

Lionvibez

TS Evangelist
Also fingerprints / retina scans are hard to fake in the first place.
For retina scans yes.

However for fingerprints they can be lifted from items you have touched.

Example you go to the food court for lunch and get a big mac combo. All I had to do is wait for you to throw that drink out in the garbage which your prints are all over.

 

Kibaruk

TechSpot Paladin
Also fingerprints / retina scans are hard to fake in the first place.
For retina scans yes.

However for fingerprints they can be lifted from items you have touched.

Example you go to the food court for lunch and get a big mac combo. All I had to do is wait for you to throw that drink out in the garbage which your prints are all over.

Then you need to cross your fingers that the one you are picking up from a trash can is the actual drink and you are set for life...
 

jobeard

TS Ambassador
For retina scans yes.

However for fingerprints they can be lifted from items you have touched.

Example you go to the food court for lunch and get a big mac combo. All I had to do is wait for you to throw that drink out in the garbage which your prints are all over.
Technically correct, but with 100-->1000s in that bin . . . lots of luck finding the one needed
 

Lionvibez

TS Evangelist
Guys I mean actually being in the food court and lurking.

So I will be there long enough to know what can and when you did it.

I'm not talking about waiting until the end of the night to go retrieve it.
 

waterytowers

TS Booster
Guys I mean actually being in the food court and lurking.

So I will be there long enough to know what can and when you did it.

I'm not talking about waiting until the end of the night to go retrieve it.

Yep finger prints not so good. If I was going to make something secure and identify the right person before giving access I would not use finger prints. You need something that can't be copied easily and preferably the identity/code can be changed.
 
  • Like
Reactions: Lionvibez