“Do Your Part. #BeCyberSmart.” While this concept – the theme for this year’s Cybersecurity Awareness Month – is easy for us to digest and accept in the workplace, the security mantras we echo day after day in our professional world often fade when we transition into our personal lives. Being truly “cyber smart” requires us to ensure risk management is applied holistically and not just while we’re on the clock. As professionals in tech, we have an even greater responsibility to educate the next generation and advocate for cybersecurity in our schools and communities.
Doing our part requires taking the same risk management strategies from the office and applying them to our homes and families. In both cases, there is no easy button. For those who serve as “authorizing officials” for their families, managing cybersecurity has become another daily activity. We have a responsibility to educate not just our industry peers, but also the end-users in our personal lives, e.g., our children, parents, and grandparents. We weigh the pros and cons of tech that can make our lives easier against the potential risks to our home network, personal information, and the privacy of our households. We find ourselves asking unexpected questions like, should my vacuum cleaner be an authenticated user on my network?
Unfortunately, similar to what we see in industry, so many of us are distracted by the bells and whistles of the latest gadgets or apps in our personal lives that we intentionally or unintentionally ignore the security and privacy implications. In today’s digital era, many choose to assume – however incorrectly – that the creators of technology are implementing security and privacy on our behalf. Either that, or we see our tech-savvy friends using X technology and conclude they have conducted their own security and privacy analysis, thus relinquishing our own responsibility for assessing its risk.
In the past, it was much easier to minimize your attack surface. For instance, there was a time when we had authority over the apps installed on our phones, the websites we visited that collected our information, and even the equipment and appliances we used to manage our homes. We had the control to decide if our children should have devices, and if so, we could manage the security and privacy settings. But much of that has changed.
Technology creates wonderful conveniences and efficiencies, and these benefits have led to the rapid adoption of new technologies – some with proper vetting, others without. The COVID-19 pandemic further advanced the adoption of emerging technologies, forcing the hand of some sectors to embrace digital transformation overnight. And while this advancement has brought countless benefits, we have also lost a great deal of control in managing our digital footprint.
These realities – combined with a culture that wants things quicker, faster, and cheaper – have caused many to throw caution to the wind. Some at-home authorizing officials, i.e., parents, spouses, etc., may shirk all cyber responsibility, claiming there is “nothing they can do” if the school requires their students to use a specific mobile app, or their local government requires them to pay utilities online through a portal with inadequate security, or their kid’s sports team requires them to turn on a location-based app to streamline carpool management. Many organizations and communities in our lives require us to use certain technologies in order for us to participate, despite the potential security risks. Others embrace complacency, justifying their inaction because their data has already been exposed through multiple breaches. The bottom line is that neither of these paths is safe or acceptable.
At some point, we have to take individual responsibility for the technology we use and the types of information we share. In honor of Cybersecurity Awareness Month, I encourage all of us to take ownership of our own digital safety and security. Lead by example – be just as skeptical as you are curious and excited about the latest gadgets. When technology is forced upon you, do your part to make respectful inquiries and advocate for your cybersecurity. Seek options and embrace education to ensure you do your part to be cyber smart.