Most of us have probably read advice or tips from different information security awareness campaigns. Growing concern over ransomware and other malicious worms have more organizations mounting anti-spear phishing efforts around the office. In fact, one of the better-known groups in this space, the National Cyber Security Alliance, and its Stay Safe Online website, grew out of a cooperative effort by the private sector nearly a decade ago to counter spear phishing.
Despite a number of other advocacy and research groups who have also created education or awareness campaigns for online and information safety, several flaws have limited the programs' impact. First, many of these programs about online safety aim toward such broad audiences that the advice becomes too voluminous to follow. Second, traditional security awareness campaigns are difficult to adjust as quickly as the most common threats change. And third, existing security awareness campaigns haven't benefited from the kind of broad, interdisciplinary research that's starting to make inroads into the cybersecurity debate.
That may change, however, with the launch of Security Planner, a simple-to-use guide featuring expert advice that's relevant to the way you work and play online. It's a project of the The Citizen Lab, an interdisciplinary research and policy group based at the University of Toronto. Citizen Lab has gained attention for its evidence-based research on topics such as cyberwarfare and use of commercial spyware by governments to target dissidents.
SEE: IT leader's guide to the threat of cyberwarfare (Tech Pro Research)
The clear value of Security Planner over traditional approaches to online safety comes from its tailored security advice for specific needs. Users answer a few basic questions about how they browse, connect to the internet, or use a smartphone (without having to provide any personal information), and then they receive advice that has been vetted and peer reviewed to help them stay safe.
The philosophy behind this new tool is clear: "It is easy to feel overwhelmed by the challenge of how to be safer online." It therefore tend toward fewer bits of advice, starting with some basics for all users, like using two-factor authentication on accounts. Future revisions promise to reveal more behind-the-scenes information about how recommendations are made. In the meantime, this first released version looks to be a very positive step toward smarter, more behavior-based approaches to helping users stay more secure in their daily lives.
- Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (free PDF) (TechRepublic)
- No More Ransom takes a bite out of ransomware (TechRepublic)
- NIST Cybersecurity Framework: The smart person's guide (TechRepublic)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Get ready for more hacks in 2018 (CNET)
- Security awareness and training policy (Tech Pro Research)
Gregory Michaelidis directs the Security Awareness Lab and is a Cybersecurity Initiative Fellow at New America. Previously he served as a senior public affairs advisor and director of speechwriting at the U.S. Department of Homeland Security.