During the Cold war, there were lots of terms thrown around such as, Capitalism, Communism, iron curtain, nuclear winter, damn commies, Ivan Drago and the like.
As a young lad who had no understanding of the whole concept, someone gave me a tip. If it’s got a McDonalds, it’s a friendly place.
As a marginally older lad (physically, not mentally) I hear a whole bunch of newer terms such as Cyber warfare, Advance Persistent threats, The Cloud, SCADA, iPhone 5 and many more.
Does the wider public understand or even care about these things? They’re just looking for their Digital McDonalds, a sign that will tell them that they’re in a friendly place.
Unlike the comparatively simple topic of world politics, information security is not just the responsibility of the government or companies. Users need to be educated so that they are best equipped to protect their own data. To allow them to put pressure on companies who don’t treat their data in the manner they should, and so that they can take steps needed themselves to not disclose data that is not needed.
Security professionals talking in a vacuum to each other won’t solve this. Neither will security professionals pointing fingers at each other and picking holes in each other’s research or ideas achieve this. Putting personal and professional differences aside, we should collectively try to engage more with end users. How exactly, I’m not sure. Kicking down doors and yelling CISSP probably isn’t the best way, but here are a few ideas:
· Speaking to friends and family about their responsibility to protect their own information. In a non-preachy, technical or geeky manner.
· Inviting non-security people to security events and conferences. Let them hear talks, learn about things and ask questions.
· Speaking at non-security events. If there’s an accountants conference, why not offer to go give a talk on the importance of maintaining client data confidentiality.
· Offering to chat to children at your local school about staying safe online.
This isn’t just restricted to security professionals. You don’t have to be an expert to know what information should or shouldn’t be shared. Look out for each other.
Add some more ideas in the comments section below. It would be great if we could all make a difference together.