Play Your Part as a User of an Organization’s IS
What can an ordinary user do to detect complex cyberattacks?
As you’ve seen, the detection team can’t possibly catch everything! As you may remember, at Everwell Hospital, it was the first doctor on duty who sounded the alarm to alert the IT team. As an IT user, they knew it was their duty to contact the hospital’s IT department straight away. This made it clear that the hospital was under attack, enabling it to take some very useful first steps in response.
So, it’s critical that we all realize we play an essential role as the first barrier against cyberattacks!
As users of an information system, our first duty is to be alert. This starts with being aware of the risks of cyberattacks that surround us and being attentive to the slightest abnormal sign. An abnormal sign could be a suspicious email, your computer or an application behaving strangely, or in short, anything out of the ordinary. The key is to ask yourself the right questions: why is this person contacting me by email when we usually talk on the phone? Would this person from outside the company usually be given access to this information? Is it normal for this application to ask me for my bank details at this point, when it would never normally do so?
The second duty is responsiveness, or our ability to react quickly to the signs we’ve identified. It’s important to report the problem you’ve identified to your IT department or security team immediately. Quick action saves precious time in limiting the impact of an attack. It makes all the difference! For this reason, it’s essential to encourage communication, even when the user has made a mistake or raised a false alarm.
Play Your Part as a Private User of Technology
So, what if you don’t actually use an information system at work? Well, you are at least a user of technology, since you’re taking this course! And you, too, have a role to play! You should be aware about and begin adopting good cybersecurity practices, for your own sake and for your loved ones.
But I don’t know where to start, what should I do?
Don’t panic! Remember the three actions to incorporate into your daily life that you saw in the video:
Be aware of the importance of cybersecurity and what’s at stake
Stay informed
Put it into practice
Here are a few additional resources to help you implement these actions.
Stay Informed
You’ve realized how important cybersecurity issues are and now you want to find out more. Here are some tips to help you do just that:
Know your rights and duties. Since May 2018, General Data Protection Regulation (GDPR) has required organizations handling personal data for EU citizens to protect it. The Data Protection Act in the UK and a number of state-wide regulations across the USA apply similar legislation. ENISA (European Union Agency for Cybersecurity) and the ICO (Information Commissioner’s Office) explain your rights as an individual in the EU and UK very clearly. However, don’t forget that you also have a duty to stay alert, even if this is not (yet) enshrined in law.
Keep an eye on what’s going on. Your favorite news sites are probably full of articles about cyberattacks! You don’t even need to turn to specialized media outlets. There are articles out there aimed at and available to the general public. They will help you understand more about the causes and impacts of these cyberattacks.
Take some training. There are plenty of resources available to improve your skills. Government cybersecurity agency websites are a goldmine for individuals! For example, take a look at the following resources:
The NCSC website provides awareness-raising materials for individuals and families.
The ENISA website lists a number of training courses and the many awareness-raising campaigns in EU member states.
The CISA website has a dedicated training section which includes a number of free, virtual courses including topics such as incident response and awareness training.
The UK Government’s cybersecurity training courses for businesses
Put Your Knowledge Into Practice
Here are a few suggestions for putting good security habits into practice in your day-to-day life (the list is not exhaustive, so please adapt it to your specific situation):
Be alert when reading emails to avoid falling into the phishing trap
Use a password manager to ensure you use strong passwords
Set up two-factor authentication (verification by email or text message, for example) when creating an online account
Regularly check your email address or phone number to see whether your personal information has been leaked (using the Have I Been Pwned website)
The FTC has a detailed list of additional security best practices
Let’s Recap!
Cybersecurity is now part of your life, and you know how to be an active stakeholder by:
helping your company’s cybersecurity team on a daily basis by staying alert and responsive.
staying informed and doing some training in your personal life, too, using the many resources available.
Well done! You’ve taken a huge step toward making cybersecurity an integral part of your work and personal life! I recommend you keep delving deeper into these fascinating topics, especially as cybersecurity is a constantly evolving field!
