Sunday, October 04, 2020

Cybersecurity Awareness Month, Day 4. The week's theme? If You Connect It, Protect It

It is now Day 4 of Cybersecurity Awareness Month 2020. Tomorrow, Monday, October 5, marks the beginning of the first full week of messaging from the leading movers of the campaign (in the US that would be the National Cyber Security Alliance and the U.S. Department of Homeland Security). The theme for the week is: 

If You Connect It, Protect It

Here's where the organizers are going with this theme: "The first week of Cybersecurity Awareness Month will highlight the ways in which internet-connected devices have impacted our lives and will empower all users to own their role in security by taking steps to reduce their risks." (NCSA)

To help support campaign themes, NCSA provides sample messages for use in social media, for example: Any device that connects to the internet is vulnerable to risks. The best defense is to keep device security software, web browser and operating systems up to date. #BeCyberSmart by turning on auto-updates. 

This is good advice. Following this advice would—based on my experience—help many people to "own their role in security by taking steps to reduce their risks." This has the potential to reduce the total number of security incidents that need to be dealt with.

Of course, a cynic might point out that some percentage of the total population of people who are using internet-connected devices don't know how to keep device security software, web browser and operating systems up to date. It's a short step from there to asking: what's the point?

My view is that there's no point holding back good advice just because not everyone is well-placed to follow it. Furthermore, part of the strategy developed by NCSA over the last 15 or so years is to encourage other organizations, and individuals, to fill that gap; for example, by offering free educational materials and community programs to reduce the percentage of people who are finding this whole cyber thing difficult. Searching for the hashtag #BeCyberSafe on Twitter during October is one way to find out what is available.

A better question to ask about cybersecurity awareness than "what's the point?" is this: who is responsible for all these cybersecurity problems of which we need to be aware? I will be discussing some of the possible answers during the rest of the month. 

In the meantime, here are some short awareness videos that might you find helpful on topics like phishing, ransomware, vishing, and passwords.

No comments: