Not a day goes by where we don’t hear of some hack or another where cybercriminals are making a killing. Despite this however, there are a couple of things that appear to be happening:
- The average person, consumer or even worker is not connecting the dots to either realize that they are at risk, or that their actions are the risk and the entry point for these cybercriminals.
- Organizations, for profit or not-for-profit, are not heeding the simple warnings to carry out simple tasks such as patching, but they aren’t also being held accountable for the compromise of personal data breaches.
The lack of accountability is very significant and we as consumers need to hold their feet to the fire and require that regulations, laws and enforcement occur.
So, why is this? I think that there are a few reasons that the message for action and taking precautions are not getting through. They include:
- We continue to use language that people don’t understand. This definitely tops my list. I see it when I speak to business people all of the time. I talk about cybersecurity issues or risks and they just don’t get it. One of the first comments is: we outsource our IT. Or, we operate in the Cloud, so it’s not an issue.
These comments definitely demonstrate that they are only seeing cybersecurity as an IT or networking issue. It’s much more than that and we need to educate our front line defence! Our human resources! And to arm them properly, we need to find a common language that people understand, not just the people in the “biz.”
Rather than refer to cybersecurity breaches, we need to help people see the criminal aspect of what is happening and that there are some easy steps to take to help protect each of us from them. For example, how many people lock their homes when the leave? Heck, how many of us keep the doors locked all of the time? It’s a matter of personal protection. Protecting our families and protecting our property. We now need to think about online safety in the same way. We need to lock the doors (our computers and internet access from criminals) and ensure that ensure that our windows are also closed and locked. If by chance a lock doesn’t quite work like it used to (continuously update our versus protection and software patches), we replace it immediately.
2. When we do talk about cybercrime, we paint the picture of the villain in a hoodie in a dark basement. This is an old and outdated picture. Reality is, cybercriminals are often the people you least expect and can quite frankly be anywhere in the world, including next door, or in another country on the other side of the world. The point is, they aren’t likely lurking in a basement, but rather in comfortable quarters living off the ill gotten gains of people who might just be a little too trusting. Maybe you, maybe your neighbour, maybe a family member.
So, what is the solution?
In my opinion we need to go back to basics. Communications 101 actually. Who is our audience? What are we trying to tell them in order to get them to change behaviours? What language should we be using so that they understand? In other words, stop with the tech talk or cybersecurity industry talk. Speak to them in their language. And finally, where are they consuming information so that we can reach them?
These are simple steps that we can do. We just need to do them.
Do you have other ideas? We would love to know.
Do you need help implementing your internal Comms Plan or even developing a Privacy Breach Plan? If so, let us know.