To build on and reinforce this, CISA has a new public safety campaign and website that breaks advice into a few simple, bite-sized steps and explanations. The “Secure Our World” website, launched Tuesday, includes pages targeted at residents, small-to-medium-sized businesses and tech companies looking to make products secure by design.
“It’s the obligation … of every digital citizen to know how to keep ourselves safe and secure online,” said CISA director Jen Easterly during a livestreamed announcement.
To avoid overwhelming pages of advice, the program limits its recommendations to four key measures to significantly reduce risks:
- Strong password practices — residents should give accounts unique, long and random passwords, ideally using a password manager to generate and store them.
- MFA — residents should use multifactor authentication on all accounts or at least important ones like those for email, finances and social media.
- Detect and report phishing — residents should be alert to unexpected emails, texts or calls asking for personal information, especially those from unknown sources, and should avoid providing details, clicking links or opening attachments.
- Update software — residents should enable automatic updates to ensure they always have the latest security patches.
Of course, to be impactful, the campaign needs to get attention. That means reaching beyond the typical security-minded audience who’s already attuned to these issues, said Kiersten Todt, Liberty Ventures Group CEO and a senior adviser to CISA’s Easterly.
Screenshot
“There’s no one right way, it’s really about having as much content as you possibly can produce that speaks to different audiences, people from different walks of life, different age groups,” Plaggemier said.
Partners in industry and nonprofits will also help spread the word.
There’s an emotional strategy in play as well, and research into people’s feelings around cybersecurity helped inform the tone of the website and campaign. The effort aims to emphasize how quick and easy cybersecurity can be, to motivate action and avoid creating discomfort that might lead to ignoring the topic, Plaggemier said.
Screenshot
“You don’t have to twist [people’s] arm” to get them to improve cyber habits, but rather show them clear, accessible actions to take, said Phil Reitinger, CEO and president of the Global Cyber Alliance.
And while the campaign hopes to instill secure habits — with speakers comparing good cyber hygiene to putting on a seatbelt when using a car or remembering to lock the door — tech companies can also go a long way by adopting cyber-secure practices and design decisions that ensure better safety. For example, making MFA the default on user accounts or using machine learning and AI to filter phishing emails before they reach inboxes, said Heather Adkins, vice president of Security Engineering at Google and deputy chair of the Cyber Safety Review Board.
Screenshot
She and others expect to ultimately see password-based authentication replaced with different methods that could shift more of the cybersecurity burden off end users. But such a goal will take time to be realized, Plaggemier said.
The PSA campaign marks a dedicated effort to reach folks and to recognize that their situations are different than major companies’, Reitinger said. But we’re not yet at a turning point in the battle for nationwide cybersecurity, and people shouldn’t get discouraged if cybersecurity statistics don’t show a rapid improvement, he added.
“Are we going to be in a worse situation next year, despite this campaign? Yeah, we are. Because we’re not near the hockey stick moment,” Reitinger said. “But as companies like Google and Microsoft and Mastercard turn on things like two-factor authentication by default, as nonprofits work together to reach everybody, and as organizations like CISA continue to mature and grow and partner with both the private sector and nonprofits, I think we will get to that hockey stick moment. We will make a difference, and being safe online will be as easy as it is in the physical world.”
