The Most Effective Cybersecurity is Almost Free

Online security comes down to good habits.
Nov 7, 2022
Cybersecurity
Training children to exercise caution online is an effective but often neglected cybersecurity strategy.

The high-profile cyber breaches that have dominated the news recently overshadow the hundreds of thousands of phishing attempts and cyber rorts that have come to be a common, almost everyday occurrence.

There is no easy fix, hiring a cybersecurity expert is difficult for corporations and near impossible for a school, they’re hard to come by and usually very well remunerated. You could add security to the workload of the IT specialist but they’re run of their feet and anyway, cybersecurity requires a pretty specific set of skills.

What do you do? Tony Anscombe the Chief Security Evangelist for ESET says that ideally an organisation could seek out an external provider to look after a school’s cybersecurity needs in a largely automated and remote way, but while the services that are available are reliable and of high quality, there are complimentary solutions that can set you on the right path and are pretty much free.

“I recently looked back on the issues that have been facing schools and their cyber security and what was evident was that the issues of 10 years ago are the very same that are facing schools now, nothing has changed,” Anscombe says.

The month just passed was Cybersecurity Awareness Month (CSAM) and articles about phishing, passwords, protecting personal data have been plentiful. The underlying message is the need to be cyber-vigilant and to educate internet users on the dangers lurking in cyberspace.

“I suspect that some of you, like me, may be fatigued at receiving what appear to be the same messages year after year. In fact, if you look back 10 years at the CSAM campaigns on StopThinkConnect.org, a joint government and industry initiative, you will notice they are close to identical to the 2022 campaign messages – use strong and unique passwords, check links before clicking … These are all are great messages and wise advice, both then and today, but it’s clear that the issue is not being resolved, and so I can’t help asking: Should we be looking to move the message to a ‘place’ that makes it an automatic human reaction?

“Hidden dangers, such as those on the internet, are often difficult to appreciate without some form of visualisation. Take, for example, road safety: if there was no visualisation – cars whizzing past you when you want to cross the road or no car wrecks left on the side of the road – then it could be challenging to teach someone road safety as a pedestrian or a driver,” Anscombe says.

Messages like ‘look both ways before you cross’ are drilled into us from a very young age and safety as a default mindset comes by reinforcing the consequences and an understanding of the dangers if you’re not vigilant.

That kind of thinking needs to be instilled around our online habits, instead of just opening a link in an email, what if a child hesitated naturally and had a clear visual image of what might happen if that link contained malware?

Similarly, instead of being lazy around passwords and typing in the old 1,2,3,4, a name or a,b,c,d, a stronger password or another form of high level authentication should be an instinctive go to.

“The technology revolution that my generation, Generation X, has encountered has been life changing in nearly every aspect of living. We have seen the introduction of technology that has truly changed the way we communicate, behave, work, etc. Importantly, we have seen technology mature with safety and security mechanisms being added, and an evolution of cybersecurity – and unfortunately, also an evolution of cyberthreats.

“As a generation, we could never have been taught certain elements of online safety by default, as the issue did not exist. However, this does not mean we should not educate the next generation to have the core default instincts and skills.”

Kids face many online threats; cyberbullying, inappropriate content, radicalisation, and identity theft, proliferate. Moreover, some forms of cyberattacks, on technology commonly used by schools, have risen nearly 900% in the last two years and the number one cyberthreat is phishing, with stats showing that 90% of cyber-incidents start with a phishing attack.

“If any of you have been mandated to take cybersecurity awareness training, then you will know a large section of this revolves around the identification of a phishing email and how to spot fraudulent links and avoid clicking on them.

“If we want to solve the number one cybersecurity issue for businesses, then we need to have a generation on its path to the workplace that have a default mechanism instilled in them that stops them from just clicking on a link or handing over their credentials. A reaction where they immediately understand the danger, have a visualisation of it, and take a safe approach.

“To achieve this dream where phishing no longer exists, with no one ever being duped, would require a sea change in the use of technology at an early age, and in how we guide kids and what they are taught as a core fundamental skill,” he says.