National Cybersecurity Awareness Month.
CyberAwareness Challenge Course.
Threat Intelligence Index.
These are all valuable resources and tools that help ensure every person stays safer and more secure online. And although they shine an important spotlight on what it means to be aware, do they go far enough?
Cybersecurity awareness in this age of data theft must not only be about knowing; it must also be about doing. Knowing the basics of securing a computer, operating system, or application is a good starting point in defending against a cyber attack. But it’s just the beginning.
A 2017 Tenable survey found that although nearly all consumers are aware of security breaches, many do not take precautions to protect their data and have not changed their security habits in the face of a public threat. Let’s face it, humans are flawed. We still like to click, use our insufficient passwords, and openly share information.
Roughly Half of Americans Lack Basic Cyber Hygiene
According to the Tenable survey, only 56 percent of Americans use a password to lock their computer and only 45 percent use a PIN to lock their mobile devices. Roughly 1 out of 2 Americans say they have made their account passwords more complicated in recent times. The point here is that while we know cyber crime exists, many of us may not fully understand how our own actions open the door to it. This is partially why social engineering attacks and large-scale data breaches are often so successful.
Much existing cybersecurity literacy material tends to focus on defending the complex digital systems of large corporations. Much less attention is given to providing the average user with the deep knowledge and skill needed to defend their personal information or a small business system. While cyber awareness is important, knowing isn’t doing.
What, Then, Is Enough When It Comes to Cybersecurity?
Practicing good cyber hygiene today requires combining knowledge with the right attitudes and mindful behaviors that serve to protect valuable information and data in both business and the community. Being cyber aware means understanding what the threats are with regard to people, processes, technology, and information, and taking the appropriate steps to prevent them. Let’s look at some ways this can happen.
Cyber literacy in the work environment:
- Implement companywide cybersecurity training on an ongoing basis to empower employees to learn by doing rather than by simply following a set of rules.
- Perform routine work using an ordinary user account, not an administrator account, to reduce the chance that an accidental faulty command will impact the entire system and leave it vulnerable to cyber crime.
- Ensure unwanted files are overwritten by new files or securely wiped clean rather than merely deleted. Contents of deleted files remain stored on disks and may be accessed until other measures are performed.
- Install a virtual private network (VPN) on all devices and never connect to a public Wi-Fi network without it. Thieves can intercept sensitive data left unprotected when passwords, certificates, or encryption aren’t used.
Cyber literacy in the personal space:
- Use a strong passphrase or password that’s easy to remember but hard to guess, turn on multi-factor authentication whenever it’s available, and use a password manager so that you only have to remember one master password.
- Opt for electronic statements that get delivered via email or, in the case of bank statements, directly into your online banking account to minimize the ability of criminals to gain access to sensitive information from your physical mailbox.
- Keep tabs on your rewards accounts through your credit cards, at the grocery store, and from other services you use. Hackers may go after your points, knowing that people often don’t pay close attention to the accumulating benefits.
- Think before opening a questionable email or clicking on an attachment or embedded link from an unfamiliar sender. Phishing is a common method cyber criminals use to access sensitive information via computers and other communication devices.
These examples just scratch the surface of what sound cyber practices should look like in our digitized world. Creating a risk-aware culture is everyone’s responsibility. With the right knowledge coupled with the right behaviors, we become a formidable foe to cyber thieves.