While cybersecurity is certainly climbing the list of priorities for any business, it is also an increasingly important concern for individuals. With recent breaches impacting so many people’s personal data — and following the introduction of privacy acts such as the General Data Protection Regulation (GDPR) and California Privacy Act, which bring attention to the business use of personal data — the responsibility for cybersecurity has expanded from the organizations holding the data to absolutely everyone. This shift is a great opportunity for businesses and cybersecurity leaders to promote better security hygiene with their employees by taking the cybersecurity conversation to the dining room table to educate and enable more security-savvy users.
Not surprisingly, our world is becoming increasingly tech-savvy in step with the introduction of technologies promising to make our daily lives ever easier and more convenient. Consider just a few life-changing examples that provide us with helpful data, crucial services or meaningful interactions:
- Digital Payments. Services such as Venmo and Cash App are transforming interpersonal transactions, while cryptocurrencies are decentralizing banking.
- Social Media. Facebook, Twitter and Instagram were just the beginning. These and many other platforms, including Zoom and Slack for work and TikTok and WhatsApp for fun, are connecting societies worldwide.
- Exercise and Activity. The emergence of wearable tech — smart watches, sleep trackers and the like — is helping to create healthy habits for millions.
Because much of our society is using these technologies — to bank, to socialize, to work out — each of us must at some level engage with them to stay connected with and contribute to our society. Adopting and using these technologies provides many benefits but also contains inherent dangers, making all of us responsible for our own cyber safety. Faced with more mainstream news coverage of data breaches and personal experiences with credit card data theft and other forms of eCrime, people are becoming increasingly aware that cybersecurity isn’t just a business issue — it is something that can impact them directly.
This shift in awareness has been further compounded by the emergence of more people working from home, where the previously defined lines of work-based cybersecurity and personal cybersecurity are blurring. Office-based computers were not so long ago thought to be the responsibility of “someone else,” but when the world shifted to working from home during the pandemic the roles and responsibilities for protecting work computers shifted to the user. People have become increasingly aware that, as part of their job, they now have some responsibility for cybersecurity.
All businesses and cybersecurity advocates should capitalize upon this shift in awareness and responsibility, for it presents an amazing educational opportunity. People will absorb information better if they have a vested interest in the knowledge being shared, and by learning how to protect their personal data and information from adversarial attack they will become more security-savvy employees while at work.
Educating employees about the easy things they can do at home will be highly impactful. Consider the following action items:
- Teach employees about password strength and the importance of not writing down passwords; about having more than a couple of passwords that are used over and over again; about using password-keeping software in their personal life.
- Encourage your employees to activate two factor authentication (2FA) wherever possible, noting that it is one of the most powerful tools for protecting personal information. Create cheat sheets and guides for activating 2FA on commonly used applications and software.
- Teach people about the risk of using free public Wi-Fi access, explaining that it’s very easy for an adversary to set up a public Wi-Fi connection that spoofs that of a local coffee shop, library or airport.
- Teach people to be wary and vigilant about social media and show them how the various information they share could be used against them — for example, explain how answering a simple question such as “How far away do you live from the place you were born” could allow an adversary to reset a social media password using secret questions.
- Make sure to educate people about the importance of keeping their devices and browsers up to date with the latest patches to prevent any possible vulnerability from being exploited by adversaries. Again, create cheat sheets, guides and information packets about patching and what to look out for.
In educating people about cybersecurity, do it in a way so they feel they are being taught how to have safer online experiences, rather than being sold doom and gloom. People will not stop using social media and their digital footprint is only going to grow, so be sure to teach safety as a means of empowering, not limiting, their online lives.
Other best practices for teaching and encouraging cybersecurity include:
- Make sure information is easy to understand and simple to execute. People will quickly shut down and revert to bad habits if what you are introducing is complex. If you can’t explain it in the simplest of terms, it will not be adopted.
- Make the information interesting. Engaged employees are more likely to remember the material. One example of an excellent motivator is gamification, in which people can earn badges or points or be rewarded for good quiz results.
- Encourage employees to talk about cyber hygiene and resilience at the dinner table. Ask them to teach their families about online safety by comparing cybersecurity to physical security — discuss online stranger danger, keeping track of your digital belongings, and “see something, say something.” Physical security terms translate well into cybersecurity and will further reinforce a safer online experience for everyone — at home and at work.
- Make communication about cybersecurity an open dialogue, not a shaming exercise. Establish a simple way for employees to report mistakes or areas of concern without embarrassment. Positive reinforcement leads to better behaviors faster, so when you see people doing the right thing, reward them in front of the rest of the organization — loudly and proudly.
Our personal digital footprints are only going to grow. It is therefore important for businesses to take advantage of end users’ heightened awareness of cyber safety by fostering improved cyber hygiene, creating more cyber-savvy employees and, as result, building a safer digital world for us all.
For the other blogs in this series be sure to visit www.crowdstrike.com/blog for the rest of October!