Written by: Tom Pendergast, Chief Learning Officer at MediaPro
2020 has been a hell of a year. No further explanation needed, right?
If you’re like me, you crave a little peace right now, a little certitude, a sense that some part of your life is stable, grounded, and serene.
There are parts of my life that offer such peace: my relationship with my wonderful wife, Sara, and my kids and their partners; getting out in the mountains; and watching birds.
Real Peace
But there’s another area of my life that brings me real peace.
When I dream big, I think it might be something that could bring peace to your life, to make us all better citizens, and maybe, just maybe, bring about peace on earth.
What is this magic thing I’m talking about? It’s not meditation and it’s not some woo-woo brand of positive thinking.
No, it’s a cybersecurity mindset*—an approach to navigating the digital world that takes the fear, uncertainty, and doubt out of your digital interactions and leaves you feeling secure and in command.
The great thing is, this mindset is built upon habits that you can learn easily; that you will deploy every single day; and that you can readily share with friends, family, and your community. It’s within your grasp, with just a little work.
I’ll explain briefly what those habits are, but it’s the mindset that brings me a lot of peace—and may do the same for you.
What Comes First: The Habits or the Mindset?
What’s the first habit or skill you learned when it came to cybersecurity?
Was it checking that a URL shows a padlock? Examining the “from” address in an email that just didn’t seem right? Never clicking on links in phishy-looking emails? Building your own kludgy system for managing passwords? Signing up for MFA?
If you’re like most people, you probably started small. You might have heard something about a company that got phished or someone who had their identity stolen. But something nudged you to change your behavior a little bit, to start developing a new habit.
As you developed that habit, you discovered that you felt more confident about your interactions with the digital world, and so maybe you added another habit and that improved your attitude even more.
Before you knew it, you started to develop a cybersecurity mindset.
Little By Little
For me, it started with taking it as a challenge to never get tricked by a phishing email—honestly, that felt like fun. Then I began using an authenticator app, and I got a little boost every time I used it, knowing it improved my security (and maybe foiled some damned cybercriminal).
And then I finally took the leap and adopted a password manager. That was a big one, because I had to wade through the valley of 700 password changes, but when I got to the other side I was thrilled knowing that I had a unique password everywhere I went. Every time I use my password manager I smile.
What happens—little by little, habit by habit—is you begin to develop a more nuanced and interconnected understanding of the digital world and how you can navigate that world safely.
You begin to develop a mental model of how to manage your digital identity, and gradually you grow in confidence that you can do so safely, with full control over your personal information.
As you become better at swatting away the attempts to exploit you in your inbox and your phone, you also become better at identifying attempts to manipulate you in the media, especially on social media. You become less prone to react to outrage and to share crap, and you become a more discerning interpreter of the misdirection and disinformation that characterizes so much of politics.
Put simply, you become a better citizen.
From Peace of Mind to Peace on Earth
If you already have this mindset, my guess is you value the peace of mind that it brings you.
You’re aware of the fear, uncertainty, and doubt that sometimes swirls around cybersecurity, but you feel confident that you personally are safe—not invulnerable, but safe. (If you’re in the information security profession, you may have this kind of peace of mind already, albeit tempered by a heightened sense of the risks).
What I’ve noticed during this tumultuous time in our society is that this mindset equips me to ride out the waves of outrage that characterize social media and overflow into the streets and the news. The cries that Antifa is coming or that the Proud Boys are storming our cities are so clearly designed to prey on our fears and vulnerabilities that they remind me of ham-handed phishing attempts.
The misinformation and disinformation that fills the media feels like just more social engineering. My cybersecurity mindset helps me keep an even keel, not take the bait, and look for the truth.
Spread a Little Peace
Now imagine you could spread that mindset to everyone in your company. Wouldn’t that begin to create the kind of security culture that we all aspire to? One where people support each other in their security and privacy habits, enjoying how meaningful it feels to all be aligned.
And it might not stop there, as your workplace cybersecurity champions would feel empowered to share their mastery and confidence with their families and friends, spreading the cybersecurity mindset deep into our culture.
It’s in this way that the skills we teach in security awareness programs can ripple outward, influencing our corporate cultures, aiding us in being educated citizens, and ultimately bringing about peace on earth.
Alright, that last one may be a bit of a reach, but if you’re looking for inspiration to guide you in your work in cybersecurity, what goal could be loftier than bringing more peace to our troubled times?
*I wish I had a better name for it. When we promote this mindset in workplaces, it generally gets called security awareness—but to me that always feels too limited, both in subject matter and in depth of commitment. When I talk about it casually, I call it my built-in bullshit detector, but that seems too crass and maybe too glib. Any ideas?