A woman working in an office looks at her computer with concern. Getty Images / 10’000 hours
It’s October, so that means that time of year. No, not Halloween. Its Cybersecurity Awareness Month is meant to remind you of the importance of being aware of cybersecurity threats.
You may have seen a warning from HR about Some of the most common cybersecurity issues you need to know – things like phishing attack and the importance of using strong passwords or maybe even multi-factor authentication (MFA) if the organization has it in place.
Giving people helpful tips on how to stay safe online – both at work and in every other aspect of everyday life – is a good thing. There is always a race between software companies and hackers when a new security hole is discovered, to see if the vendor can fix it before hackers can exploit it. But giving people even basic advice on how to protect themselves from attack will help prevent breaches.
And of course, cybersecurity awareness isn’t something that just needs to be pointed out for a month a year, especially in recent months. And the way some businesses choose to make people cybersecurity aware using fear isn’t helpful either.
The reality for many organizations is that their users are the first and often last line of defense against cyberattacks. But if they are not properly informed about what constitutes online safety that can leave people vulnerable.
Definitely the case if someone clicks on a convincing phishing link that claims they need to enter their password to view the content, or if someone downloads what they believe is a legitimate attachment, but it contains backdoor trojan malwarethey can cause major problems for their organization.
It can be difficult to spot scams, including ‘urgent’ requests from your boss that are actually business email intrusion (BEC) attack used to steal money or falsely warn that someone hacked your account and you should click a link to recover it – a link that will actually steal your password. The crooks are even using bait around cost of living crisis to trick people into falling victim to attacks.
Also: Want to boost your network security? Here are 10 steps to improve your defense right now
For many professionals, opening email attachments and clicking links, even from unfamiliar senders, is part of their job. And there are so many of them that eventually something will get through.
Cybersecurity Month is certainly a good start, but both the cybersecurity team and management need to ensure that helpful advice and support is available year-round. And the focus on cybersecurity should be, or even starting with the meeting room.
Also: Your biggest cybercrime threat has almost nothing to do with technology
And also remember that creating mistrust with misleading tests or blaming the victim for failing the tests doesn’t help anyone.
In one recent interview with ZDNET, Team Leader Red of Google says that blaming the victim is not the right thing to do when they are doing a security check. For them, when it comes to conducting security tests that attack like malicious hackers, it’s not who clicks the link, it’s about figuring out what works and how to prevent attackers from taking advantage of these exploits. similar.
There’s a lesson to be learned there about how to really raise cybersecurity awareness – it’s to make sure your employees are aware of the threats that exist and that they’re protected from them.
But it needs to be done with empathy – pointing the finger of blame doesn’t help. If someone thinks they’ve clicked on a real phishing link but doesn’t mention it because they’re worried about the consequences for their work that could be a big deal for any organization.
It won’t work to scare people into awareness of cybersecurity issues for one month a year – but providing guidance and advice year-round will improve cybersecurity for everyone.
ZDNET’s SECOND OPENING
ZDNet’s Monday Opener is our inaugural tech show of the week, written by members of our editorial team.
BEFORE ZDNET’s SECOND MONTH OPENING:
