The end of October - internationally considered cyber security month - was marked by a discussion on cyber security that was attended by the highest level individuals in cyber security both from the public and private sector, in Latvian and Europe.
“In discussions with millennials, we have noticed that they about as knowledgeable about cyber security as senior citizens”, says Janis Bokta, the chairman of the board of the Latvian state television and broadcast center.
It turns out, cybersecurity literacy is surprisingly low among a generation that has been raised on technology. Cyber security usually comes down to where is the weakest link. In a discussion lead by Juris Sleiers, the co-founder of the Digital Freedom Festival, the consensus was met that these days, cyber security threats are no longer because of vulnerable technologies - they're usually due to the humans using them.
Experts shared their impressions, perspectives, and practical suggestions on cyber security at an event organized by DFF in collaboration with the European Commission. Participants included:
- Baiba Kaškina - incidence response of CERT.lv, the Latvian cyber security incident response institution
- Janis Bokta - chairman of the board, Latvian state television and broadcast center (LVRTC)
- Gints Kiršteins - cofounder and CEO of Notakey - build access management and identity management on mobile devices.
- Steve Pursers - head of core operations of ENISA - EU cyber security agency.
In a thrilling and riveting discussion (you can watch the recorded Facebook live video) these experts discussed their thoughts. One hour was not enough to delve into the minds of these highly experienced specialists, but here are some of the main ideas that were represented.
Cyber security is a trade-off
When it comes to individual internet use, cyber security is largely a trade-off between the ease of use versus the security aspect.
“I don't believe in the cloud.” - Baiba Kaskina, head of Cert.lv
Similarly, presidents are suggested not to use iPhones or cloud-based email servers. Janis Bokta acquiesces that having email on your phone is not the most secure, however it's a necessary tradeoff for the opportunity cost of being able to respond quickly in order to ensure effective business development.
It's a trade off.
“Security is about thinking. people far too often don’t want to think, they want solutions that come out of the box. Security is about balancing security with risk.” - Steve Pursers
Steve Pursers summarized the basics of personal cyber security. He likened it to being as savvy online when it comes to persuasive con artists, as you would be offline.
When used correctly, technologies can be incredibly secure
Gints Kirsteins, co-founder of Notakey, asserted that your cell phone is likely the most secure piece of technology you own.
That is, if you have a lockscreen on it.
The conclusion among the speakers was that lockscreens should be a mandatory part of cyber security literacy. And in this scenario, policy leaders and phone manufacturers are in a position to make it mandatory to have a lockscreen. The question is, why aren't they?
Baiba concluded that using the same password for everything is the worst thing you can do.
When it comes to passwords, there are several password keepers. You can choose to use them on the cloud, which lets you access the passwords from any internet-connected device. Or you can choose to host the passwords offline. So you have to choose - are you more likely to lose your device that the products are stored on, or are you more likely to lose access to passwords when you're away from one standard device.
Baiba also emphasizes that there's a difference between cyber security and personal data protection.
For example, it's ok if you choose to put your photos online. But then you have to be ok with the fact that this personal data is vulnerable and available online. Critical thinking is needed. That's in regard to things we read, fake news, things we see online. The same goes for security. Don't give away your data, don't be swayed by offers that seem too good to be true.
Steve re-iterated this sentiment, adding that safe online activity is a combination of cautious behaviour and critical thinking. Because online, you can't verify much about other individuals. You only know what they say they say they are. So be cautious when they're trying to collect your data or trying to sell you something.
Gints left us with a summary of safe online behaviour:
“Do not install shady applications. Do not route your phone. Lock your screen. Use passwords everywhere. Use password generators. I have not generated passwords myself for 5 years. Even if I was stolen by aliens, I wouldn’t be able to tell them anything.”
The technologies are there to make things secure, the question is, how are you using them?