Sunday, February 26, 2012

Week 11

So much information in so little time. I decided to post a bit of the discussions we had in CYBR 610: Risk Management. It really got me thinking. I will be paraphrasing here, but several of my peers brought up some good points as to why risk management and internet security aren't really taken seriously yet.


  • Human beings are animals and won't respond until danger is imminent.
  • People buy security software and think that is enough to secure their devices.
  • People assume there will be people out there to "fix" their problems when something does go wrong.
  • People don't like change.
  • People like convenience and just want everything to work easily.

I started thinking about it. I remember my interview with the Human Resources guy and he noticed that I was getting my Master's in Cybersecurity and he assumed the base was going to want me. It made me realize, he didn't understand what cybersecurity was. I'm not saying he's stupid; I just think he is part of the majority that thinks cybersecurity is a military or DoD thing. It's a big word that actually works from the home office to the FBI.

So, the question became, should we teach risk management and information security at the junior high and high school level? I started thinking about that and realized that risk management is already being taught in other topics such as PE and Science. In PE, kids stretch and warm up before vigorous exercise, managing the risk of injury from training muscles that have not been warmed up. Science requires safety instruction regarding how to handle scalpels for dissections or how to handle acid and water.

It would make sense to put something that simple into the computer classes, I'm sure. After all, risk management or security should just be something that happens, not a separate job. It should be a habit, much like warming up before exercising or learning the importance of making sure the scalpel is properly cleaned and taking care of specimens to be dissected. Computer classes could begin in junior high with the basic importance of strong passwords, Internet safety, and the importance of backing up your data. Start small and easy. As you get into the high school areas, they can do things such as assess the assets in their computer labs or even their homes to develop risk mitigation plans, showing them real-world applications of risk management.

Cybersecurity is not a national security issue. It's actually something that can be applied at home and should start in the home. The question is, how do we make people aware that security is more than just software? Again, people typically don't respond until they are the victims of ID theft or bank fraud. There is nothing telling the public that the security software they buy is good, but it's not 100%. Much like there are car mechanics that are not trustworthy, there are also computer techs that are just as dishonest. If you don't know your devices, how do you know you are getting quality repair work? And finally, what can be done to get people to change their habits?

I would like to ask you a few questions to get you started:

  • How many passwords do you have?
  • If you only have one or two, are they used on all your accounts from banks to e-mail?
  • If your job requires your account at work to have a long and complicated password, did you write it down and put it someplace that you think is hidden but could potentially still be found?
  • Is your WiFi at home broadcasting its SSID?
  • Is your WiFi password protected to allow only those who know the password onto your network?
  • Is your security software updated?
  • Are your OS patches updated?

All these are things you can fix at home to reduce your risk of attack and secure your home office. All those things are cybersecurity.
