It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.
When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it becomes much harder for cyber criminals to successfully launch attacks. Achieving this goal starts with taking precautions to reduce personal risk through securing devices and data. However, each of us also needs to recognize and report all potential cyber threats we run across.
A global culture of cybersecurity is only possible when corporate organizations, nonprofits and universities all work to spread the message and include outreach in their mission. Here are four ways to take cybersecurity into the community to help create a global culture of cybersecurity:
1. Launch a mentorship initiative
A key element of a global culture of cybersecurity is making sure the industry has a pipeline of diverse and skilled professionals. Because cybersecurity offers non-traditional career pathways, including badging and certifications, job seekers often struggle to determine the best route. When cybersecurity professionals provide support to those who are interested in joining our ranks, we can remove barriers to new cybersecurity professionals entering the field.
For example, the nonprofit Women in Cybersecurity offers a formal nine-month mentorship program that helps members strengthen their skills in areas such as influence, negotiation, leadership, work/life harmony and communication. In 2021, the program matched 1,115 mentees from entry-level to senior level with experienced mentors to help them navigate their journey.
Organizations launching mentorship programs should start by determining their target audiences, such as underserved communities, university students or entry-level professionals. Next, they should determine the framework for the program, including creating a curriculum for mentors, determining how to recruit mentors and matching mentors with mentees. After launching the initiative, it’s important to monitor the program and make changes based on feedback provided by participants.
Build your cybersecurity skills
2. Focus on the next generation
Reaching out to students, especially those in high school and middle school, is a great way to help fill the professional pipeline by targeting young people who are making future career decisions. At the same time, members of this demographic are heavy users of technology and can help spread the education they receive to their families and peers. Iowa State University’s Center for Cybersecurity Innovation & Outreach (CyIO) offers several programs for high schoolers. Since 2007, CyIO has sponsored Innovate-IT clubs, which focus on either game design or cyber defense, at Iowa high schools. The Iowa Cyber Hub also hosts the Youth Cyber Summit every October, which provides activities such as a Capture the Flag challenge, interactive security demos, discussions about career pathways and panel discussions regarding cybersecurity careers.
Organizations looking to nurture the next generation should start by determining their key message and goals, such as educating or encouraging kids to become cybersecurity professionals. Next, decide how to get the message across to the right audience, such as clubs or events. Then, partner with schools or nonprofits that focus on kids to create the programming and get the word out.
3. Look for ways to add humor and fun
Instead of presenting lectures and offering dry information, look for fun ways to get your message out to the community. Balancing humor with information encourages people to pay attention and, most importantly, remember your message. Start with the core message you want to communicate, and then identify your specific target audience. Next, brainstorm ways that will appeal to your audience so you can get your message across while captivating their attention. Be sure to test out your idea with several people in your target audience before going live to make sure you are hitting the mark.
Videos are a great method of reaching people in a lighthearted way. In honor of Cybersecurity Month, Iowa State University created a catchy video called Cyber House Rock!, which encourages people to “encrypt your data, make passwords strong, to keep away all the malware, spam and email scams.” BuzzFeed’s Internet Privacy Prank uses the “show, not tell” approach to help people see how easy it is for cyber criminals to find their information.
Events are also a great way to add humor and fun. Princeton’s cybersecurity team got decked out for its “War Games” showing with an 80s dress-up night. After the show was over, attendees talked about what had changed in terms of information security since the movie was released in 1983. At other events, the team adds fun by bringing a Wheel of Fortune so people can spin it to win prizes while learning about cybersecurity.
4. Create an ambassador program to help friends and families
While mentorships help future and current professionals, Iowa State helps fill a big educational void. The Cybersecurity Ambassador Program, offered through the Iowa Cyber Hub, empowers Iowans by reaching out to businesses, communities, schools, friends and families. The Ambassadors provide the knowledge and tools to help others safely navigate the internet, such as avoiding scams, bullying and privacy breaches.
Focusing on helping residents and students as well as businesses, organizations can use these types of programs to provide education that is often overlooked. Launching an ambassador program is similar to the process of creating a mentorship program, but organizations need to focus on how to reach people who are most in need, such as retired adults and teenagers. Ambassador programs can also offer events to the community on specific topics, like keeping your data private and what to do if your computer is attacked by ransomware.
While it’s easy for organizations to focus on reducing their own vulnerabilities, the digital world is safer when everyone is educated and engaged about cybersecurity. By actively working to achieve this culture, organizations, nonprofits and universities can make big strides to make the internet and technology safer for all.
