Whenever I think of security awareness, there is one question that haunts me: How do we educate the not-so-technically inclined about security? It seems like a simple enough question, we know the basic tips and tricks, it’s second nature to many of us. Keeping Windows fully patched and up to date pretty much takes care of itself with the proper settings in Windows Update. Many other applications check for updates regularly by default. Running antivirus software should be a no-brainer and if you run a cloud-based AV solution like Webroot SecureAnywhere you don’t even need to worry about updates.
Then you try to explain how to identify a suspicious email to that friend or family member that always comes to you for computer support. You came prepared with sample emails complete with circles and arrows and highlighted text. You explain how to check email headers, hover over links to check where they actually go, and look for obvious spelling and grammatical errors. To the non-techie this can seem like a bunch of techno-babble that they will not remember.
The technical approach is simply not going to work on some people. Yo can suggest treating any email that they were not expecting to receive, is from an unknown sender, and contains a link or an attachment as suspicious. This can work, but has it’s own issues. People order products over the internet all the time. Order and shipment confirmation emails are something people expect, so when someone receives a fake email claiming to be from a shipping company it can be quite effective. These emails may be obviously suspicious to you, but you said to be suspicious of emails that they were not expecting, remember? It tends to just get more complicated from there. We want to educate and help develop healthy suspicions, not distrust and paranoia.
So how do we explain how to identify a suspicious email in simple terms that even the less technical people can understand? This is a question that we need to continue to ask ourselves, and we each need to do our part in educating others on security issues.
As a note, tomorrow begins National Cyber Security Awareness Month and with that, we will be posting regular security tips to keep you and your family safe while online.
