Cyber Security Awareness Beginnings
I was 10 years old when the National Cyber Security Alliance and Department of Homeland Security began Cyber Security Awareness Month in 2004 . At that point, I barely knew how to use a computer. The words cyber security or cyber security awareness could not compute in my head. It’s safe to guess that at that time, people much older than me were just as unaware as I was.
It’s likely that the only publicly shared cyber security awareness was of the Nigerian prince phishing scams and having anti-virus installed on their computers. Cyber security stories were not on the front pages of news sites or at the front of organizations priorities, let alone in the minds of the every day computer user.
Flash forward to today and its hard to go a day without hearing of something cyber security related in the news. Now, companies specialize in cyber security (like us!) and organizations have budgets in the millions to spend on cyber security. Companies also get fined millions of dollars for cyber security failures. While typing this blog there is a Comcast commercial marketing their built in cyber security capabilities! The threats continue to change and advance causing organizations to constantly adjust to the changing and more pervasive threat landscape.
What has stayed consistent through this entire time, and will continue to do so, is the human using the computer. In today’s cyber climate, if you use a computer or cell phone, cyber security awareness can save or your organization thousands or potentially millions of dollars simply by being aware at work and at home. Everyone is a target, which means it is applicable to everyone.
Cyber Security is Everyone’s Responsibility
Educating people on cyber threats and how to avoid becoming a victim is the goal of Cyber Security Awareness Month. Cyber security awareness is so important today that organizations have entire teams dedicated to cyber security awareness and prevention. While October is dedicated to cyber security awareness, one month alone is not enough to state its importance.
The theme of this year’s Cyber Security Awareness Month is “Do Your Part”. If you ask a cyber security professional what “Do Your Part” means, we will tell you that cyber security is everyone’s job. This extends way beyond our work environments. It is personal. Cyber criminals are targeting you, and there is indisputable proof. We will your role in cyber security both at your workplace and at home.
Awareness At Work
So how exactly is cyber security everyone’s job in a work place? Aren’t there IT departments and actual cyber security teams and tech that take car of that? Kind of, but these are only pieces of the puzzle.
There can be many vulnerabilities an organization can have when it comes to cyber security. In my opinion, one of the biggest of those vulnerabilities is the lack of end-user cyber security awareness. Studies have shown that up to 70% of cyber risks can be reduced by security awareness training. The most often targeted entry point into an organization is the end-user. For example, if an organization has 1,000 employees that do not have cyber security awareness, that introduces 1,000 individual user vulnerabilities to the organization. That is a lot of potential vulnerabilities to that organization.
Social engineering is the most common tactic to exploit these vulnerabilities, with the most common form being the phishing email, with over 3 billion sent per day. Let’s be honest, who doesn’t use email these days. Looking at that 3 billion number again, there’s a decent chance one of those can make it’s way to to one of those 1,000 employees. It only takes one unaware end-user to cause harm to an organization.
One of the best ways to minimize this risk is by raising cyber security awareness. Making end-users feel a sense of shared responsibility should be the goal. Cyber security can sound very technical to a lot of people. However, the very basics of cyber security aren’t. Thus, when raising cyber security awareness, we are talking:
- Don’t click on suspicious links or attachments in emails from unknown sources
- Utilize strong passwords/passphrases and Multi-Factor Authentication
- Keep the operating systems of your computer and mobile devices up to date
- Keep your browser up to date
- Handle sensitive information with caution
- Use anti-malware software
- Don’t connect personal USB devices to work computers
These are some of the most basic attributes of cyber security that should be shared with computer users.
Therefore, while there are IT departments and security teams, each individual in the company has an important role to play in cyber security
Awareness At Home
Back at the origination of Cyber Security Awareness Month, the goal was to educate people on being safe on the internet while at home. It’s safe to say that is more relevant now than ever.
Our own personal information is just as valuable to attackers as the information they are trying to steal from organizations. The use of phishing and smishing has increased exponentially over the last few years. Email and text scams are constantly targeting my bank account and I’m sure it’s no different for others. We must teach everyone to be aware of such scams.
The bullet points listed above are still as applicable to how you interact online while at home. The same dangers that are present at a corporation are present in your own mailbox.
Cyber Security Awareness extends beyond the office walls. If you are connected to the internet in some capacity, you are a target for these attackers. Who would have thought a decade ago that their refrigerator could get hacked?
It is important to remember that even though you may be at home, you are still a potential target.
Cyber Security Awareness is Ongoing
The need for cyber security awareness will only continue to grow as the world continues to become more and more digitized. It is not something that is ever going to end. The need for ongoing education is a must as attackers continue to adjust and vary their attack strategies.
Like many things in life, education is key to understanding. If you are an organization, conducting ongoing security awareness training can make the difference between a successful or unsuccessful cyber attack. Your company is well positioned if your employees know the various threats and how to avoid them. However, it is critical that this training is ongoing. Cyber security awareness is not a one-and-done event.
Your personal cyber awareness is no different. Being able to understand why attackers are targeting your cell phone and personal inbox can avoid hassles like identity theft. Just remember, whether the attackers get your personal information by phishing you or by hacking a large corporation, they are getting information, which is exactly what they want.
Education is one of the most critical things in life. In this case, cyber security awareness is starting to also become that critical.
In closing, we implore you to educate yourself and those around you on cyber security awareness. It is critical to your online safety.