Cybersecurity Awareness is All About Us
This October is the 11th annual National Cybersecurity Awareness Month (NCSAM), and, once again, we’re reminding each other to use stronger passwords and update our software. These messages are fine, but after saying these same things for (more than) 10 years, and in light of the reality we’re facing — the increasing number of data breaches, millions of personal records lost or compromised, attackers operating at speeds security can’t match — they come across as pretty weak.
Don’t get me wrong, I think the intent behind these messages is well-meaning, but I think we can do better. It’s time to raise the bar.
To inject some more interest and impact into this month, I recommend we direct our passion and our messages to raising a more transformative kind of awareness: the awareness that we all have both the power and the responsibility to protect the security of this integrated cyber environment we live in.
After all, how likely is it that we will change our habits and adopt safer behaviors if we don’t feel any ownership over collective cybersecurity? Or if we feel powerless to make a difference?
As security awareness advocates, it’s our job not only to help protect others from attacks, but to teach them how to protect themselves. And I think that really starts with us discussing, understanding, and embracing our roles.
Owning Our Roles
(& Understanding Why They’re Important)
We each play multiple roles in our pervasively internetworked world. In each of these roles, we deal with organizations and individuals on a variety of levels — as consumers, employees and team members, and as friends and family members.
When we stop to think about these different relationships and roles, we can begin to personalize the impact of decisions we make. That’s how you successfully turn abstract concepts into scenarios that actually hit home.
Let’s take a closer look at each of the primary roles we play in developing and strengthening cybersecurity, along with a few examples of ways we can encourage each other to fully embrace and leverage them.
1) Our Role as Consumers: Tell Companies That We Value Security
First, we are all consumers. We need to think about our technology purchases with an eye towards some of the same values that we apply in the physical world. If we get food poisoning from a restaurant, we will not be back, but we continue to use products and frequent vendors whose products or services have been demonstrated to be vulnerable. We look for consumer safety reports for our cars and appliances, but we download applications with little concern for their origin or intent. When we do these things, we diminish the value of providers investing in better security, and we reward the current apathy of the others.
We need to add security to our list of criteria for what we buy and use, and we need to make it clear that blatant insecurity is a sufficient reason to go buy somewhere else.
2) Our Role as Employees and Community Members: We Don't Want to Be the Weakest Link
Outside of browsing online, the bulk of our online interactivity occurs at work or through an organization (school, club, etc.), where we regularly interact with other members. As employees and members of these networks, we have a responsibility to be careful about what risks we choose to pose to the rest of these communities.
If I use my machine on a sketchy public network, and then I plug it into my corporate LAN, then I am responsible for transferring any technical pathogens I may have caught. We need to remember that in this dynamic and network-enabled infrastructure, the decisions we make for ourselves can easily become decisions we make for our companies and our colleagues.
3) Our Role as Friends and Family Members: Safekeeping Our Information and Theirs
Our constant interaction with our friends and family through our many devices has drastically reduced our natural distrust of the information that is served to us. As a result, we need to be particularly responsible about our behavior because our own loss of control over our systems to an attacker means that we have also lost control of the secrets that others share with us.
Few of us would shout out a secret in a crowded room instead of whispering it, but that is effectively what we’re doing when our systems become corrupted by a wide variety of malware. We need to be conscious of our habits because those we care about trust us (and therefore our devices) to be true to their confidences.
Bringing it Home
This kind of awareness doesn’t change the basic hygienic components of better cybersecurity behavior. We all still need to use stronger passwords and regularly apply software patches and updates. It does, however, make it more likely that people will pay attention and actually modify their behavior. Take time this October to transform security from an abstract concern to a real and positive responsibility we all share with one another. Discussing each of our roles and the impact we have on others is a fantastic way to start.
Helping Fortune 500 Banks & FinTechs Outperform | Avanade, an Accenture & Microsoft Company
9 years ago: Thanks so much for publishing this PSA, Jack. I just shared on Facebook inviting my friends to check out your guidance that all of us - mortal humans, not just cyber security professionals - can benefit from. Have a nice and relaxing weekend!
CISO with a focus on Life Sciences, Healthcare, and Tech Companies of all sizes
9 years ago: Nice article, Jack! It got me thinking - people are more aware of actual viruses and making sure not to spread them than they are about malware. Rarely do even intelligent folks consider their impact on the environment. I was reminded of this recently when I was told about how one of our top Developers brought our network to a crawl by downloading lots of music from a server at home.
Seasoned technology executive with over 35 years of experience creating and supporting "always on" infrastructure domestically and internationally
9 years ago: Well put together, Jack