Twenty years ago, in the shadow of 9/11, the newly-formed Department of Homeland Security, the White House, the FTC, and some committed individuals from companies like Microsoft, Cisco, AOL, Amazon, and others realized that consumer education was necessary to teach the public how to use technology safely.
With that public-private partnership at its core, the new nonprofit National Cybersecurity Alliance (NCA) started the first Cybersecurity Awareness Month. We've come a long way. Back when we first launched Cybersecurity Awareness Month, we recommended that people change their passwords when they change their batteries twice a year in their smoke detectors—advice that would seem nonsensical to most practitioners now.
Twenty Octobers later, we now co-manage Cybersecurity Awareness Month with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). But is awareness enough? And is it working?
This is our third year publishing our Oh Behave! study on the public's security behaviors and attitudes. To quote a respondent from the general public, "Being aware that these things are occurring around us and taking the necessary steps to ensure we are protected is a big part of online security." Awareness is necessary but not sufficient; the key is awareness that leads to action.
Many people in our study rely on the news media to stay informed about cybersecurity, but they also say the news scares them. In fact, many people fear that they are targeted by cybercriminals and worry about being victimized. Unfortunately, we don't believe fear is a good long-term motivator for behavior change.
So in this October's Cybersecurity Awareness Month campaign, you'll see CISA and the National Cybersecurity Alliance use language like "easy," "quick," and "convenient." Security professionals know security is challenging, but if we make it sound scary and difficult to the general public, they're less likely to take action than if we explain that security can indeed be quick and convenient.
Nothing is more convenient than MFA via a push notification and facial recognition—it takes just seconds. It's very easy to let a password manager generate a long, complex password for an account. It's quick and easy to report suspicious emails if your organization uses a one-click reporting button.
[RELATED: Preparing for the 20th Annual Cybersecurity Awareness Month]
This Cybersecurity Awareness Month, we hope to raise awareness, reframe consumer perceptions, and inspire behavior change. Please join us! You can sign up to be a champion at StaySafeOnline.org.
To hear more from Lisa Plaggemier, Executive Director of the NCA, look for her on SecureWorld conference agendas! See our Events page and register to attend.