Today Safer Internet Day 2021 is celebrated around the world, this year with the slogan “Together for a better internet”. It is a day to promote the safe use of digital technology and the internet.
Recently, Cybersecurity magazine spoke to Lanze Spitzner, senior instructor in Security Awareness at the SANS Institute, about the importance of Safer Internet Day and how we can all increase our knowledge on data protection and IT security.
Cybersecurity Magazine: Do you think these dates – Data Protection Day and Safer Internet Day – get the awareness they need and do you think it is still the right approach to have a special day in the year to remind people on Data Protection and a safer internet?
Lance Spitzner: My impression is they help, up to a point. I recommend organizations regularly and consistently reach out to and engage their workforce on the same key points. Events like these can help emphasize your program, but your program should not be based solely on these events. In some ways there is a special ‘event’ every month (Privacy Day, Safety Day, Password Day, Backup Day, Internet Safety Month, Awareness Month). For me it’s less about these special events and more about having a consistent message and program.
Cybersecurity Magazine: Why are these topics still so important and what should people take away from them? Is there for example a special number they should keep in mind?
Lance Spitzner: Organizations should identify and prioritize the top risks to their workforce and focus on just a few, key behaviors that most effectively manage those risks. 3-5 topics is best, no more. So, it’s less about the ‘day’ or ‘event’ and more about being consistently focused on those key risks. For example, regardless of the event I like to focus on Social Engineering, Passwords, Updating and Backups (for home).
Cybersecurity Magazine: Apart from the dos and don’ts that usually experts share on these dates, how should people increase their knowledge about data protection and IT security? Do you think we need a less scientific approach to reach the wider audience?
Lance Spitzner: The key is focusing on how people personally benefit, how the behaviors we are teaching them at work also personally benefit them at home. All the scientific principles emphasize the need to make these behaviors as simple as possible. So ultimately our goal is to make security simple. That means focusing on as few behaviors as possible in a very easy to understand and consistent message.
Cybersecurity Magazine: When confronted with cyber security people often react scared and call the police instead of acting themselves, how can we change that behavior?
Lance Spitzner: By reducing the amount of Fear, Uncertainty and Doubt in our communications and focus on instead cybersecurity is actually simple if you focus on just the basics.
Cybersecurity Magazine: Why is gamification-based education like the Cyberstart game a good way to reach the audience?
Lance Spitzner: Gamification can be a very effective want to engage an audience, depending on who the audience is. However, gamification can also be very time intensive to create and manage, one example is the SANS CyberStart program for kids and teenagers: https://cyberstart.com/