National Cybersecurity Awareness Month
October has been declared National Cybersecurity Awareness Month again this year, and many companies and organizations are embracing it and actively participating in a variety of activities this month. But home users and family members who don’t work for big companies usually don’t get the yearly training those companies offer during this month. It is estimated that approximately 80 percent of exploitable vulnerabilities in cyberspace are the result of poor or no cyber hygiene. Cyber hygiene means basic measures to improve cyber protection and resilience, such as password management and installing system updates in a timely manner. Most users want to be protected but are just not sure what to do, especially given the limited resources that they have available.
Helping cyber users learn how to improve their basic cyber hygiene and their cybersecurity protection profile should be an everyday effort, not just one month out of the year. It is a fact that the human element is a key part of an effective cyber strategy and thus it should be something that is reinforced consistently with everyone so that it is ingrained into everybody’s daily lives.
I read an article this month asking whether security awareness training even works. The premise of the article was that even well-educated security experts mess up when it comes to security, so can we really educate average employees or everyday folks to be more security aware? The biggest piece of security advice that I suspect many security professionals don’t follow is not reusing passwords. With so many different email accounts, financial accounts, work accounts, and retail accounts that I have, I’m sure I have over 100 things that require passwords to access. And even I can admit that I don’t use unique passwords for every account. But I do implement techniques to have different passwords for my important/key accounts (see my previous blog post on passwords). And even though password management software is often recommended by security professionals, not many that I know use one. So, how do we convince the folks at home to use them when the security professionals don’t?
Unfortunately, there’s very little data available so far as to the effectiveness of security awareness training, but from the experiences of individual companies, training can make a difference if it is done right. That means providing training in small, digestible units, following up with testing and reinforcement, and creating a culture of security by engaging people at all levels. I do believe that with consistent cyber training in digestible amounts for the home user, even if only a select number of cyber best practices are followed, readers would definitely benefit from overall cybersecurity awareness.
Besides information from U.S. Stay Safe Online (https://www.staysafeonline.org), which I have shared previously, there are a host of other websites that provide excellent cyber tips for home users and help them become better educated on how to protect themselves in cyberspace. It is the goal of Homecybersifu to eventually provide links to the best online resources available for home users. Even if our readers only learn one new thing every time they visit this website, this will go a long way in educating the masses on good cybersecurity.
Thus, for National Cybersecurity Awareness Month I am sharing information provided by the SANS Institute, a cooperative research and education organization that publishes a Security Awareness Newsletter designed for the common user. I am sharing a few of the newsletters that would be great for you to read and share with your family members to provide them some education as part of National Cybersecurity Awareness Month.
Please download these PDFs, read them, and then discuss them with your family and household members as part of Cybersecurity Awareness Month. I would recommend printing this information out, placing it in a binder labeled “Home Cybersecurity Awareness Training”, and keeping it accessible to all your family members at any time.
If you are interested in future newsletters similar to the above, you can visit the website securingthehuman.org and subscribe.