This week begins the Department of Homeland Security’s National Cyber Security Awareness Month which promotes awareness and best practices for how citizens should think about security and how it relates to their data, their organizations, and ultimately, our nation. Just as Smokey the Bear was created in the 1940’s as part of a campaign to encourage wildfire prevention, the DHS efforts are important in helping instill into people the need for an effective culture and mindset around security.
The impact of cyber threats have ramifications that are hard for most of us to get our heads around. We tend to look at major breaches as catastrophic, but removed from our daily activity; that kind of thing happens to other people, right? Or perhaps we get to an explanation of what’s really happening, but don’t really understand it. Perhaps the cause of the breach of a major bank was due to poorly configured data repositories that inadvertently left holes that hackers accessed. It seems esoteric and far from our purview, but the reality is that it’s very much part of our world; our data is stored and transacted constantly in places and ways unbeknownst to us. So, an ounce of prevention is indeed required, but so is an understanding that cybersecurity is very much baked into just about every form of modern life.
National Cyber Security Awareness Month is structured to guide those not steeped in the intricacies of data breaches. Just look at the different themes being promoted – “It’s Everyone’s Job,” Make Your Home a Haven for Online Safety.” But even for those of us who spend all day building defensive technology, these lessons are still apt and powerful. For one thing, we shouldn’t overcomplicate cybersecurity. The way a hacker gets access to privileged data doesn’t always have to do with sophisticated technology. Hackers want “in” and will look for holes do get the access they desire. At issue is how they get in.
An incredibly high rate of individuals fall victim to things like the Nigerian prince scam; that may just seem like naivety on the surface. But getting people to click on that link that promises untold riches works whether the user is in front of her Yahoo email account or the company inbox. Hackers and threats are directed at behaviors where humans display vulnerability and it doesn’t always require savvy programming in order to take advantage of that. Again, the goal is to penetrate, get inside, and wreak havoc. The key to avoiding that is recognizing legitimacy, acting accordingly, and using checklists and best practices to operate safely.
What the DHS recognizes and is trying to educate people about is that data and technology are wrapped intimately into our lives. Just as we would take measures to be fit, wear seatbelts, and even prevent forest fires, we must also take care to safeguard our digital lives, whether they be our personal bank accounts or company workloads we interact with.