Executive Cyber Hygiene – Why Manners at Work Aren’t Translating to the Home
It’s time to have a conversation about cyber manners. Remember when your mom used to say, “if you eat like this at home, you’ll do it in public?” No parent wants their kid to be the one to embarrass them with their messy manners when they dine out, so they teach them the rules of good etiquette.
The same thing applies to cyber hygiene. Knowing that the behavior of employees is the weakest link in their cyber defenses, most organizations instill good security manners among their workforce – avoiding password reuse, questioning suspicious links or emails, etc. Yet this training rarely makes its way to the C-suite – and that’s a problem.
Executives’ sloppy cyber manners
Executives are busy people and aside from the CISO and CIO, most are not particularly cyber savvy. How often do you see a CEO or CFO attend a cyber hygiene lunch and learn or request a briefing on cybersecurity best practices from their CISO? Not often! Finding time is a problem, but also executives don’t want to show that they lack an understanding of cyber risks, so they’re hesitant to ask for help.
Unfortunately, technology moves so fast that it becomes a steeper hill for them to surmount. And so, the bad practices continue – particularly at home where the corporate security team has no control, and the rules are harder to enforce.
Turning a blind eye puts the entire organization at risk
As organizations harden their security posture, cybercriminals have refocused their attention on the soft underbelly of the company – executives. More specifically, executives in their homes and in their personal accounts. This is the path of least resistance.
People are people, after all. Executives bring their laptops home each night, they connect it to their unprotected home Wi-Fi which is shared with their kids who download who knows what software or games. They also use their personal tablets to print corporate documents and access corporate resources. They may think these assets are secure but our own research has uncovered revealing data about the state of personal cybersecurity and privacy of corporate executives – and it’s alarming:
- One in five home Wi-Fi networks of executives are not secure
- Three in five home of their devices lack anti-virus software
- One in four devices are infected with malware
Password etiquette is also a problem, executives use the same passwords for their personal life as they do in the corporate world. Furthermore, 68% of the C-suite is writing down their passwords on their little black notebooks or storing them in their contacts list on the phone. Hackers can use these credentials (which are widely available on the dark web) to access other services, such as a victim’s email or other applications, or gain access to corporate networks.
OneLogin recently released research on executive habits (via Yahoo News!) that validates our own findings. They reported the following:
- 42% of Senior managers, reported sharing a work device with someone outside the organization.
- 19% of senior managers admitted to giving their passwords to someone in their family.
- 30% of senior management also reported working from public WiFi networks.
Cybersecurity must play by the executive’s rules
There are no boundaries here between cyber manners at home and cyber manners at work. What executives do in their personal lives translates directly into corporate risk.
These are things that the COO, CISO, and the board need to worry about. But what are their options? They can’t apply the same 20 security controls that protect the corporation to the executives’ home. The remedy must be simple, seamless, and “right-sized” for the home environment. They must prioritize security controls – a firewall to scan the home network and endpoint protection that secures every home device including laptops, tablets, IoT, and security cameras.
The experience must also be frictionless – practical solutions that fit their lives, not onerous rules and controls that limit freedoms. Remember the movie “The Bodyguard?” Whitney Houston’s character was so aggrieved by controls enforced by Kevin Costner’s “Frank Farmer” that she recoiled from them and him, exposing herself to risk in the process. That same approach isn’t going to work here either.
Partnership is key
Executives can achieve robust cyber etiquette across their digital lives without rules being forced on them. The key is partnership. A digital “guide” who walks alongside them – not against them – to provide the concierge, white glove service and support they need to stay cyber smart and secure – both at home and at work.
To learn how this can be realized, this whitepaper on Executive Protection for Cybersecurity & Privacy in their personal lives.