Sometimes when I visit banks I find myself looking at scribbled Post-it notes containing user name and password attached to PCs. I may also see a neatly typed record of the key code necessary to access a secure gate or door within easy sight of any external visitor.
Is this bad cybersecurity? Sure. And it’s something we learn at home.
We all lock our doors at night, but many of us leave the keys in the lock, or on the side close to the front door, where they’re easier for clever crooks to steal.
So why do we leave keys at risk? Psychologists would have us believe it is for two reasons: We believe that criminals target "someone else"; and it’s more convenient. Hiding keys somewhere away from the door they are intended to lock might make greater security sense, but it is inconvenient to have to retrieve them when you want to unlock the door.
Worse still, people leave the “emergency spare” key hidden under the front door mat, or under a plant pot outside the house. I mean, who would ever think of looking for it there?
Given the way we manage our keys, it’s not so surprising that many people leave their passcodes in plain sight at work. And our sloppy way of managing keys is only one example of where our habits betray us.
Statistically, most of us select passwords and secret numbers that are based upon numbers or characters of significance. Maybe it is part of a date of birth, or a house number where we have lived. Perhaps our passwords have something to do with our spouse, or our kids, or our car, or our pets, or our friends, or our interests, or a holiday we have been on.
Is this ringing any bells with you and the codes you use? If so, you are unwittingly allowing yourself to be more vulnerable.
Cyber criminals prey on our weakness. Having accessed an individual's account or PC, they frequently enjoy data harvesting from often unprotected files entitled "My Passwords" or by trawling the email database for helpful prompts sent by the user to themselves, entitled "user name" or "system access".
Arguably, this is no different to what many people used to do with their card PINs, even before we had laptop and phone passwords, but one would have hoped our personal security conventions had moved on! Back then well-meaning but forgetful individuals would write their PIN in their address book or diary, often referenced under the name of their card-issuing bank! Those who had their bag stolen would then find the card used at an ATM even though the victim would insist that they had never divulged their PIN and only had a "hidden" record of it!
Being aware of the risks that we may be unwittingly subjecting ourselves to is the first step in realizing that we need to change behaviour. There are numerous efforts being made across the globe to help customers select, maintain and remember passwords and codes safely and to therefore stop, metaphorically, leaving the spare key under the front door mat.
We are all creatures of habit, and some of those habits are bad ones. Don't let the crooks use your bad habits against you. Be cyberstreetwise — and think twice when locking your front door tonight.