Commentary
In the cybersecurity world, we often hear the phrase, “It’s not a matter of if, but when.” This primarily refers to security breaches. It can also be used to remind us that safe social practices reduce the likelihood of such violations occurring in the first place.
Throughout my career in cybersecurity, I have seen a high level of carelessness towards security, even among security professionals. This is problematic because the insecure behavior of one individual can make others less safe. Consider the tendency to throw away trash: would you feel more security-conscious if there was trash all around? The same is true with cybersecurity: if you see insecure behavior all around you, you will be less motivated to improve your security measures.
The good news is that change really can happen, and it can start with just one person: you.
What are safe social norms and why create them?
Social norms are usually informal, unspoken rules that guide acceptable behavior among members of a group or society. Secure social norms can be established at two levels: a general level that focuses on what everyone needs to know about protecting information, and a role-based level that pertains to groups of people performing specific tasks.
Let us consider the following example: protecting personally identifiable information (PII). While organizations have an obligation to protect the personal information of their employees and customers, it is up to individuals to take action to protect their data and teach others how to do the same. Failing to do so can result in a variety of problems, including financial loss, identity theft, and more.
Security professionals have a unique opportunity to transform the concept of security awareness into social norms and behaviors. In doing so, we enhance the security culture around us. Now is the time to step up and be a team member who practices secure behaviors and encourages others to do the same.
Steps to Establishing Safe Social Norms
Below are some practices security personnel can adopt to establish safe social norms for themselves and everyone around them:
1. Make data security relevant and actionable.
Launch a security awareness campaign. Helping people understand PII in concrete, everyday language is a great way to teach them how to protect personal data. Always use concise, clear language when explaining security terms and topics. Provide examples when sharing tips and best practices. And be sure to detail specific actions they can take to improve security and the positive impact they will have.
2. Educate people about what personally identifiable information (PII) is and how to protect it.
The more you use apps and websites, the more important it is to know how your personal information is accessed, how it may be used, and when it shouldn’t be shared. Below are some key examples to help you develop security awareness:
Protect key identifiers. The Social Security Number is the primary identifier for an individual in the U.S. If you live outside the U.S., find out what the primary identifier is in your country.
Protect your banking information. Bank account numbers need to be carefully protected: stolen bank account numbers can be used to commit fraud on fintech platforms.
Know what other elements may be considered PII. IP addresses, schools, and degrees are all PII. By themselves, these pieces of information do not personally identify you. However, when collected and used in combination, they can personally identify you.
Configure multi-factor authentication. Adding multi-factor authentication is a simple way to secure your account. However, many organizations only require a username and password. It’s unfortunate that there isn’t an emphasis on using strong credentials. Stolen personal information could be used to hijack a person’s identity to open a bank account or apply for a loan.
Beware of social engineering scams. Phishing messages from senders masquerading as close friends or family members are a common way scammers target individuals. See the Federal Trade Commission guidance to learn how to protect yourself.
Build consistent and safe social norms in the places you frequent. When you go to the supermarket, you probably don’t think about protecting your data. But if the cashier asks for your phone number or email address, pay attention. Don’t be shy to ask why they need this information. Get in the habit of being curious and asking questions about such requests.
Protect your data when seeking expert advice. If you need professional help, such as tax or legal services, ask how they protect your information. Some services may not have the luxury of focusing on the security of customer data. Choose a company you can trust and get a lot of information.
Safeguard your Protected Health Information (PHI). PHI is information in a health record or designated record set that is created, used or disclosed in the course of providing health care services and that can be used to identify an individual.
Get into the habit of learning about the privacy policies of any website where you open an account. Most websites will ask you how you want to share your data; choose the option that provides you the most protection.
Get privacy services. Don’t think twice. We recommend freezing your credit with all three credit bureaus: Equifax, Experian, and TransUnion. This option is free and will stop fraudulent new accounts from being opened. It’s not enough to have protection from just one of the credit bureaus; you need all three.
You have the power to make a difference
Today, we know a lot about security. The problem is, we don’t act on it. We will be better protected if we develop safe habits and help others to do the same. If we don’t act, the costs and consequences will be enormous. We will not simply hear about security breaches of others; we will be affected ourselves. Remember, it’s not a question of if, but when.
This content does not provide tax, legal or financial advice. If you have any questions, please consult your advisor.