5 ways to talk about cybersecurity with anyone
Ever tried explaining cybersecurity to someone who isn’t tech-savvy? Just last year, my 67-year-old mother came to me in a fluster because her laptop was hijacked by a full-screen pop-up that looked like ransomware.
Thank goodness I figured out the problem before it got worse. But when you can’t be there 24/7, how do you help those around you understand basic cybersecurity principles so they can stay safe online?
It’s no longer enough to run an antivirus scan on your computer once a week, and employees may not understand why the company decided to switch to Single Sign-On (SSO) software. But with these tips, you can explain why cybersecurity is important -- and worth the extra work.
1. Avoid jargon and explain cybersecurity terms
Ransomware, DDoS, spoofing. Cybersecurity is full of words that everyday people may not understand -- but at the same time they need to understand them.
When educating others about cybersecurity, try to avoid jargon. If you have to use a specific term, make sure you explain it fully. It’s helpful to provide real-life examples too.
For example, if you’re explaining what Distributed Denial-of-Service (DDoS) attacks are, ask someone if they’ve ever tried to access Netflix and weren’t able to get the site or app to load.
Chances are they’ve experienced this before, and you can explain that a DDoS attack, like the attack on Dyn in 2016, can bring down entire websites and apps. So if they’re suddenly unable to access a website, it could be a DDoS attack.
2. Focus on the team effort
The saying goes that we’re only as strong as our weakest link, and the same is true for cybersecurity. In a company, each employee needs to put up a solid defense to keep themselves and their coworkers safe from cyber attacks like phishing scams and data breaches.
For example, the simple slip-up of not password-protecting a server can expose personal information, like it did for thousands of students and teachers at Florida Virtual School in 2018.
Express to your employees that cybersecurity is important for protecting them, their coworkers, and even the financial future of the company.
Tip: I always recommend password managers, like LastPass, to my friends, family, and coworkers.
LastPass helps me stay on top of all my unique passwords instead of just using one password for a handful of sites. And it even generates secure passwords for you so you don’t have to worry about hitting that special mix of numbers, letters, and special characters.
3. Teach in the moment
Clicking through online cybersecurity training is mind-numbing for anyone. And while it’s important to train employees on internet security rules and regulations, it makes a bigger impact to play out some real-world scenarios too.
My company recently used a real-world test to illustrate some common phishing tactics and train employees on what to do if they spot a phishing attempt.
The week before, the company sent out information on how to spot and report a phishing scam. A few days later, unbeknownst to us, we all received a fake phishing email.
Several employees asked in Slack if it was legitimate, and the company followed up with an answer and reiterated what each of us should have done when we saw the phishing email. Afterward, many employees said this example was much more memorable than all of the online training.
4. Simplify restrictions
The stricter you are about what your employees can do online, the more likely they are to shrug off more important responsibilities.
People can easily get overwhelmed with all the things they can’t do, and they might even become less inclined to follow well-intentioned rules if they feel too restricted.
So instead of this:
- Long lists of sites they can’t visit,
- Online actions everyone should avoid, and
- Multitudes of red flags they should be on the lookout for,
keep things simple. Decide which security protocols can’t be ignored, and relay those to your coworkers.
5. Lead by example
No one’s going to take your cybersecurity tips seriously if you don’t follow them yourself. (And why wouldn’t you anyway?) This is one of those times where leading by example can reinforce how important following the rules is.
Your coworkers may hate the annoyance of using two-factor authentication and SSO, but they see you dealing with these same extra security steps. And they know you’re focused on mitigating cybersecurity risks, so if you’re willing to take the extra time to keep your data safe, they will too.
Similarly, it’s important to get company leadership on board too. If your CEO is lax about securing their own laptop and leaves their phone with company accounts lying around the break room, your fellow employees won’t take cybersecurity seriously either.
You can use the previous tips for talking about cybersecurity to express how important it is for your company’s leadership to lead by example. And you might just remind them that they’re under extra scrutiny when it comes to following the rules.
And if you need some specific examples of why leadership needs to get on board with cybersecurity, here are a few:
- More CEOs to be held responsible for cybersecurity incidents by 2024
- Target’s former CEO stepped down after a 2013 data breach
- Target’s CFO was questioned in a Senate hearing
- Former Equifax CEO steps down after 2017 data breach
Tip: Another reason to get leadership on board is the risk of social engineering.
A DEF CON speaker recently talked about hacking an employee’s computer by pretending to be the IT administrator and asking for their password. So it’s a good idea to have leadership ensure that everyone at the company knows the name and face of all IT administrators -- and to remind them not to share their passwords with anyone they don’t recognize.
You can use these tips to help friends and family understand the importance of cybersecurity too. Many of the same online safety tips you’d give your employees can keep their personal data safe at home.
Hackers and other bad actors are constantly improving their skills. It’s up to us to band together and share knowledge to keep everyone one step ahead.
Catherine has a degree in journalism and has spent the last 10+ years writing everything from internet reviews to user guides. She’s been online since AOL CDs were a thing and is an unapologetic PC gamer. She believes the internet is a necessity, not a luxury, and writes to help everyone stay safely connected. You can find more of her work at Reviews.org.