Across 2022 and 2023, three-quarters of cyber security breaches were down to human error. The lines between personal and professional cybersecurity have blurred; instead of breaking in through technical vulnerabilities in our corporate infrastructure, attackers are increasingly focusing on our human fallibility.
C-level executives make for great targets. Whether the attacker is a profit-driven cyber gang looking to extract money from your family or organisation, or an international competitor looking to exploit your privileged access to company IP, key personnel are at the top of the hit list.
But does this mean you need an entirely new approach to security? Not quite, as a strong corporate cyber security posture is already both secure and resilient. We’ll examine how you can pivot the traditional corporate cyber security structure into effective personal strategies.
1. Understanding the cyber threat landscape
Proactive organisations utilise Cyber Threat Intelligence (CTI) to understand their threat landscape and stay one step ahead of adversarial groups with the motivation and means to harm them.
In the same manner, executives must consider their personal context and ask some key questions. Who might have an interest in you? What might they want, be it your personal wealth or your corporate access? Under what pretext might they approach you? Crucially, how can you prevent it?
2. Attack surface reduction
In a corporate context, reducing the attack surface (the points of entry an attacker might target) is a key aspect of a strong cyber security posture.
For private individuals, this translates to your digital footprint: your online presence and the valuable information it offers.
In the same manner that your organisation will look to reduce its attack surface, you can reduce yours. Review your social media profiles: are they set to public? What about the content within them? Could an attacker locate your home address, or build out your family tree?
You don’t need to become an online hermit, but make sure you’re not sharing information that the internet doesn’t need to know.
3. Access control!
Have you ever shared a Netflix account and then used that same password for your other logins?
Organisations implement sophisticated role-based access control (RBAC) to control and segregate access to critical data and systems; you should too.
Be mindful of who has access to your personal devices and online accounts. Where you are sharing accounts (let’s pretend you don’t, ever), be sure to use strong and unique passwords for every service. Where possible, enable multi-factor authentication.
And remember, relating back to Point 2… don’t use your dog’s name as your password. Little Cooper is probably on your Instagram.
4. Understand OSINT
Directly relating to Points 1 and 2, Open-Source Intelligence (OSINT) is often employed by cybercriminals to gather information about organisations and orchestrate attacks. What data does the company hold? Where is it held? What are the chains of command within the organisation?
Pivoting to the individual context: the better you know someone, the more likely it is you can employ effective trickery to get them to click a phishing email, send remittance to a bogus bank account, and so on.
Use these methods for your benefit instead. Conduct personal checks to understand what personal information is out there about you and how it might be used against you.
5. Update everything. Even your smart fridge.
Regular software updates, patching, and data backups form an essential part of an organisation’s cybersecurity strategy.
We should maintain these principles as home habits, too. Ever skipped a Smart TV update because your favourite show just dropped? That update might’ve been patching a severe vulnerability. So let your updates tick over as and when they arrive, and enable automatic updates where possible to save the trouble!
Personal cybersecurity can be a time-consuming and even daunting prospect, but translating the corporate strategies we’re familiar with into personal habits simplifies the process.
For C-level executives, personal cybersecurity is crucial given your responsibilities and, frankly, the size of the target on your back.
Take action for your own Personal Cyber Assessment.