Raising awareness of cybersecurity is good for everyone – but it needs to be done better


It’s October, which means it’s that time of the year. No, not Halloween. It’s Cyber Security Awareness Month, which means reminders about how important it is to be aware of cybersecurity threats.

You’ve probably seen a warning from your HR department about some of the most common cybersecurity issues you should be aware of – things like phishing attacks and the importance of using a strong password, or maybe even multifactor authentication (MFA) if the organization has it.

Giving people helpful advice on how to stay safe online — at work and in every other aspect of daily life — is a good thing. There will always be a race between software companies and hackers when a new vulnerability is discovered, to see if the vendor can fix it before hackers can exploit it. But giving people even basic advice on how to protect themselves from attack will go a long way toward stopping the abuse.

Of course, cybersecurity awareness is not something that should only be raised for one month of the year and not in the months that follow. And the way some companies choose to make people aware of cybersecurity, by using fear, isn’t helpful either.

The reality for many organizations is that their users are often the first and last line of defense against cyber attacks. But if they are not properly informed of what constitutes online security, it could leave everyone vulnerable.

Sure enough, if someone clicks on a disguised phishing link claiming they need to enter their password to view content, or if someone downloads what they think is a legitimate attachment but which actually contains a trojan malware backdoor, they can cause major problems for their organization.

Scams can be difficult to detect, including “urgent” requests from a manager that are in fact business email compromise (BEC) attacks used to steal money, or false alerts that someone has hacked your account and you have to follow a link to get it back – a link that will actually steal your password. Scammers even use lures built around the cost of living crisis to trick people into falling victim to attacks.


For many professionals, opening email attachments and clicking links, even from unfamiliar senders, is an integral part of their job. And there are so many of them that something is bound to slip through in the end.

Cyber Security Month is certainly a good start, but both the cybersecurity and management teams need to make sure that helpful advice and support is available year-round. The focus on cybersecurity must come from higher up, or even start in the boardroom.


It is also worth remembering that creating mistrust through misleading phishing tests or blaming victims for falling for the tests does not help anyone.

In a recent interview with ZDNET, the head of the red team at Google said that blaming the victim is not a thing when they are testing security. For them, when running offensive security tests the way malicious hackers would, it’s not about who clicks on the link, it’s about knowing what works and how to prevent attackers from taking advantage of those same vulnerabilities.

There is a lesson to be learned out there about how to actually do cybersecurity awareness – it’s about ensuring that your employees are aware of the threats that exist and are protected from them.

But it must be done with empathy – finger-pointing helps no one. If someone thinks they clicked on a real phishing link but doesn’t mention it because they are worried about the consequences for their job, that could mean big problems for any organization.

It won’t work to scare people into being aware of cybersecurity issues for one month of the year – but offering guidance and advice year-round will improve cybersecurity for everyone.

ZDNET’s Monday Opener

ZDNET’s Monday Opener is our opening take on this week in technology, written by members of our editorial team.
