Phin Security

The Importance of Cybersecurity Education

The content emphasizes the importance of tailored cybersecurity education across a spectrum from beginners, who need clear explanations of basic concepts like multifactor authentication and password hygiene, to security practitioners, who must improve their communication skills to effectively convey technical security measures to non-experts.

Welcome to Gone Phishing, a show diving into the cybersecurity threats that surround our highly connected lives. Every human is different. Every person has unique vulnerabilities that expose them to potentially successful social engineering. On this show, we'll discuss human vulnerability and how it relates to unique individuals.

The Spectrum of Cybersecurity Education

Cybersecurity education covers a wide range, from people who know very little about cybersecurity to seasoned experts. Regardless of where you fall on this spectrum, it's important to get the education that's right for you.

For Beginners

For those with little understanding of cybersecurity, education should focus on basic concepts, such as multifactor authentication (MFA). It's important to avoid acronyms or, if used, to explain them clearly. For example, MFA means having more than one way to verify your identity, such as a text message code, an authenticator app, a thumbprint, or a security question.

When teaching beginners, it's crucial to explain both the definition and the application. For instance, losing access to your personal email could mean losing access to your calendar, bank accounts, retirement information, social media, and more. If someone only needs your password to access your email, that's a risk. But if they also need your phone for MFA, it's much harder for them to gain access.

Password hygiene is another key topic. Passwords are often leaked, and services like "Have I Been Pwned" can help you check if your credentials have been compromised. Even if your password hasn't been leaked, using MFA can prevent immediate problems if your password is exposed.

For Security Practitioners

For those already in the field, the biggest educational gap is often communication. Security practitioners may understand the technical details of tools and frameworks, but they also need to communicate the value of these tools to people who don't have a technical background. It's important to explain not just how something works, but why it matters and how it benefits the business.

Risks of Neglecting Cybersecurity Education

Neglecting cybersecurity education can lead to:

  • Falling behind as technology evolves rapidly
  • Being unprepared for threats until they arrive at your doorstep
  • Difficulty integrating new technology effectively

Many people only seek education after experiencing a scare, such as a phishing attempt or a suspicious email. It's hard to know what you don't know, especially in a broad and deep field like cybersecurity.

For practitioners, being unable to communicate effectively can mean failing to convey the importance of security measures to business owners, especially in small and medium-sized businesses. If you can't explain your services at an introductory level, you risk talking past your clients.

The Role of MSPs in Cybersecurity Education

Managed Service Providers (MSPs) play a crucial role in educating their clients. As an MSP, you should take full responsibility for your clients' cybersecurity education. This includes:

  • Running awareness training programs
  • Advocating for security budgets and priorities at the executive level
  • Understanding and communicating the risks clients face
  • Using resources and partners to support education efforts

Your clients will be as educated as the time you invest in educating them. Sometimes this involves assigning "homework" or recommending resources.

Recommended Resources and Approaches

  • YouTube: Search for "cybersecurity basics" to find presentations and tutorials.
  • Cyber Insurance Recommendations: Learn about the five main things cyber insurance policies recommend:
    1. 1.Multifactor authentication
    2. 2.Security awareness training
    3. 3.Immutable, segregated backups
    4. 4.Managed or NextGen antivirus (AV)
    5. 5.Endpoint detection and response (EDR)
  • Structured Learning: Consider free or affordable online courses (e.g., Coursera) for a structured approach to learning cybersecurity.
  • Ask Your MSP: If you're not an MSP, ask your provider what you should learn for additional cybersecurity knowledge. Seek both behavioral awareness training and education on security concepts.

For Employees and Individuals

If you work at a large company, there are likely resources available for learning more about security. Reaching out to your security team to ask for learning opportunities is a great way to stand out and take initiative.

Security is often seen as a "black box"—something people avoid because it seems complex and inaccessible. Taking the initiative to learn, ask questions, and seek understanding can set you apart.

Final Thoughts

Whether you're a practitioner or just starting to learn about cybersecurity, there are many resources and approaches available. If you have questions or want to discuss cybersecurity further, reach out via LinkedIn or the website. The key is to take ownership of your education and seek out the knowledge you need to stay secure in an increasingly connected world.