Demystifying Cybersecurity Can Help Make the World a Safer Place

October is my favorite month because it brings together two things I deeply care about: ‘Give at Microsoft,’ our chance to step back and look for opportunities to give back to the community, and Cybersecurity Awareness Month, which helps highlight the mission-driven approach that security professionals take every day to make the world a slightly better place.

Most of Cybersecurity Awareness Month focuses on what actions to take or avoid, but the messages often don’t resonate with people. And people tend to shy away from things they don't understand, even if it’s good for them. Which brings me to one of my other favorite things: demystifying security. People need to understand why security advice matters and why they should care, and in a way that is relatable for them. For example, explaining to my mother why she shouldn't click on every WhatsApp link is no different than discussing zero trust architectures with application developers. Two distinct scenarios with similar behaviors that can lead to equally bad outcomes. But the core message remains: not everything that appears reasonable should be trusted.

Techniques like phishing (which is the root of ransomware) leverage social engineering (which preys on people’s emotions) to tap into people’s curiosity or FOMO (or Fear of Missing Out) to get them to click those links. To stay safe, we should all adopt a JOMO mentality (or Joy of Missing Out) as in, I don’t need to know what’s in this clickbait video. If you view every link through the clickbait lens and adopt the attitude that this link is probably a scam sent by people trying to get my money, it’s fairly easy to move on. The biggest difference that I've felt in my own behavior over the past few years is I just don't have the FOMO. But to get there, you need to reorient your thought process so that your safety comes first. If you really need the information, you know how to find it.

Put another way, it’s about using the same common sense and street smarts in the digital realm as you do in the physical world. Installing a security system in your home to help protect against burglars is similar to installing MFA on your bank account to make it harder for a criminal to break in and access your money. Your smart lock on your front door keeps your family safe from intruders. You have a healthy dose of skepticism about who’s on the other side of your front door and don’t just open it to anyone who knocks. This is not unlike zero trust in the digital world, which means you don’t automatically trust everyone or everything inside or outside your network. Every time someone tries to access your data or systems, they must prove their identity and authorization, just like using the smart lock on your door. This way, you ensure that only the right people get access, keeping your information safe. It all comes down to being vigilant and implementing strong security practices to prevent unauthorized access.

Simple stuff for our everyday life can go a long way in protecting everything from your identity to your assets. ?I’m hearing families that are implementing plans and best practices, such as the use of a code word to use if a caller sounds suspicious. If they don’t use the code word, it’s a scam. Zero trust sounds drastic but how else do you adapt your thinking? If something sounds off, double check. It’s crucial for everyone to implement these measures in their digital lives because you can’t patch gullible.