Cybersecurity Is Actually Not That Hard

October 03, 2017

One of my biggest concerns with cybersecurity is that we often make it far more complicated, confusing and intimidating for people than it should be. I’m not surprised that so many people exhibit bad security behaviors because we overwhelm them with technical steps and scary stories. When you take a step back and calmly think about things, there are only a few key behaviors people should follow to be secure. That is why I’m such a big fan of efforts that help get the word out in simple terms that anyone can understand – like those of the National Cyber Security Alliance (NCSA). So, if I could wave a magic wand, what would the top five basic security behaviors be?

  1. Social Engineering: We would all know what social engineering is and the most common clues for spotting an attack. Remember, social engineering does not happen only over email; it can also take place over the phone, on social media or even in person.
  2. Passwords: Everyone would use a unique, strong passphrase for each account and strong authentication (such as two-step verification or biometrics) whenever possible.
  3. Patching: All devices and systems would be kept updated and current with automatic updating.
  4. Antivirus: People would use antivirus software whenever possible but also understand that it cannot protect them from everything.
  5. Backups: Everyone would have automated backups in place.

Just these five simple behaviors could make a big dent in the online safety universe. Unfortunately, far too often we overwhelm users. To help support NCSA in its mission, we have based the October edition of the OUCH! Security Awareness Newsletter on these five basic behaviors. As always, OUCH! is free and available in more than 25 languages.

About the Author

Lance Spitzner, director of SANS Security Awareness, has more than 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and published three security books. Lance has worked and consulted in more than 25 countries and helped more than 350 organizations plan, maintain and measure their security awareness programs. In addition, Lance is a member of the Board of Directors for the National Cyber Security Alliance, a frequent presenter and a serial tweeter (@lspitzner), and works on numerous community security projects. Before working in information security, Mr. Spitzner served as an armor officer in the Army’s Rapid Deployment Force and earned his MBA from the University of Illinois.