Want someone's personal data? Give them a free donut
While you might expect Homer Simpson to hand over personal details in exchange for a donut, you wouldn't expect cybersecurity professionals to do the same.
However, technology services provider Probrand has carried out a study at a cyber expo attended by UK security professionals, where attendees voluntarily shared sensitive data including their name, date of birth and favourite football team -- all to get their hands on a free donut.
This follows recent news that millions of accounts are still using '123456' as a password, with people's names, favourite football teams and favourite bands also commonly employed.
"We wanted to put this theory to the test and see just how willing people were to give up their data," says Mark Lomas, technical architect at Probrand. "We started by asking conversational questions such as 'How are you finding the day? Got any plans for after the event?' If someone happened to mention they were collecting their kids from school, we then asked what their names and ages were. One individual even showed a photograph of their children."
As part of the task, Probrand also asked more direct questions such as, 'Which football team do you support?', 'What type of music are you into?' and 'What is your favourite band?' Whether asking questions transparently as part of a survey, or trying to adopt more hacker-type methods, they were alarmed to find how easy it was to obtain personal data -- which many people may be using as the basis of their passwords.
Lomas adds, "As technology develops, so does the risk of cyber attacks and data breaches, but arguably the greatest consistent vulnerability is employees. It's crucial that businesses improve processes and technology in parallel with educating employees. Our research shows even the basics still need to be addressed."
To stay safe, Probrand recommends not using obvious information in passwords, employing multi-factor authentication where available and keeping device security up to date, and advises employers to introduce cyber awareness training.