Cisco Umbrella

Security

Creating a Culture of Security Awareness

By Ashley Williams
Posted on July 11, 2014
Updated on March 5, 2020

If you follow cyber security news these days, you’ll find that there’s a lot to keep up on. Threats exist everywhere. In 2014 alone, we’ve heard about the Heartbleed vulnerability in OpenSSL and the proliferation of remote-access Trojans (RATs), and it’s starting to feel as though there is a major data breach at a prominent company somewhere in the world almost daily.
This has left us with a sense of unease about how our money and information are handled by organizations we’ve trusted to keep them safe. Some out there may feel powerless to do anything about it; paying for items with cash only and hiding your money under a mattress seem almost reasonable when you’ve had to change your credit card number three times in one year.
This brings us to the world of security practitioners and information security. These people are tasked with ensuring the confidentiality, integrity and availability of data, which we already know is no easy feat. Not only are people who work in this field responsible for the safety of data, but they’re verifying that the clients and applications that may access said data pass security muster as well. This means finding and closing loopholes in local applications, examining past and present network traffic for any anomalies, and having a deep understanding of existing software vulnerabilities and how threat actors may exploit them.
While a security practitioner may get excited about this kind of talk, this is where the non-technical of us tend to fade away from the conversation. Cross-site scripting vulnerability? Yawn. Goto fail? Yep, you’ve lost me. Unfortunately, our willingness to allow the conversation to shift into the uber-technical leaves the rest of us out, and often without the tools and education needed to protect ourselves, our data, and our company’s data. It’s not a coincidence that most data breaches are a result of human error.
However, the thing to keep in mind is that a malicious actor will not discriminate when it comes to raking in all that they can. You may have seen a few headlines recently stating that there is a shortage of security professionals, and the ones that are already in the field know what they’re up against. How do the rest of us, the non-security practitioners, help out, and keep ourselves and our data safe at the same time?
The first thing to keep in mind is that security is about awareness and context. Awareness is making sure that you’re entering your banking details on the correct site, and ensuring that site is using HTTPS. Context is asking yourself “is it a good idea for me to click the odd-looking video link in this Facebook post?”
We can use these ideas of awareness and context to protect our own data, as well as the data of the company for which we work. In the same way we don’t hand our kids over to the first creepy old man wearing a t-shirt that says “baby-sitter” on it, we shouldn’t be handing our data or the “keys to our kingdom” over to the bad actors. Here are a few things the non-technical folks can do to help our security practitioner brethren:

  • Step up your password game: It is 2014. There is no reason for passwords to be scrawled on post-it notes anymore. There are a number of reputable password managers out there, 1Password and LastPass being two of them, and if you have an account with a service that supports two-factor authentication, turn it on! Gmail has it, as do Facebook and Dropbox, and so does OpenDNS for that matter.
  • Password-lock your screen: This way, nobody walking by your computer while it’s unattended can see any information you don’t want them to see. This will also deter your co-workers/housemates/anybody in close proximity from getting on your computer and changing the desktop wallpaper to an image from My Little Pony.
  • Greet people you don’t know: Are you in an office and see somebody walking around you don’t recognize? Ask them if they need help! If your office is anything like OpenDNS HQ, then that person is likely a new employee, and if this is the case, you’ve just met a new co-worker and made them feel welcome. Good on you! If this isn’t the case though, politely direct that person to your front desk or reception area; don’t allow them to walk around your office space willy-nilly.
  • Know your role: Why is this important? Spear-phishing is a method of gaining access to a company by sending a targeted email to an employee and imploring them to give up sensitive information. In my case, I work in our Customer Success department; therefore, I shouldn’t receive any emails asking me to click a link to review company financials, for example. If I do receive such an email, you’d better believe I’m giving it the side-eye and passing it along to one of our in-house security practitioners for review.
  • Be more discerning: Don’t be afraid to ask questions of people making requests! Our natural inclination, especially in the workplace, is to be as helpful as possible. In some cases, this results in us giving up too much information. Therefore, if you receive a phone call from somebody wanting sensitive information, don’t be afraid to double-check the caller’s name and role and why they need the information they’re asking for. If you’re dealing with maintenance or a repair person, find out what they need access to, and if their visit was previously scheduled. Otherwise, if the situation seems fishy, there’s a good chance it is.
  • Check your assumptions: Don’t assume you or your company won’t be targeted. In this day and age, there is no such thing as being too big or too small to be breached, and while many threat actors have specific reasons for launching attacks on various organizations (espionage, cyber politics, hacktivism, etc.), there are some bad actors who will try to take your company’s website down because it’s Tuesday. Don’t make it easy for them.

With that in mind, even if you aren’t a security engineer working on the so-called glamorous technical work (or dirty work, depending on how you look at it), there’s room for all of us in this conversation about security awareness, simply because there is too much at stake. As a consumer, do you want to read about yet another data breach at some large organization with whom you’ve done business? As an employee, do you really want to read about your company’s latest breach and be worried about fielding questions from your customers? I didn’t think so.
If you’re a security practitioner reading this, we know your job isn’t easy. You have to have eyes on all systems and applications at all times, you have to filter through terabytes of data to find that needle in the digital haystack, and you have the sobering knowledge that there are very real consequences associated with things that go bump in the cyber night. We’re asking that you help us help you. Let the non-technical people know how we can participate in this conversation, and what we can do to make your daunting job less daunting. You can even make it fun for us! Gamification is an option, as is buddying up with your local marketing department to launch an internal campaign on the importance of cyber security awareness.
If you’re a non-technical person reading this, ask lots of questions of your technical brethren and really understand what’s at stake. Is it your company’s reputation? If you’re a business owner, is it your own reputation? How does a data breach affect your bottom line? As a consumer, will you need to go out and replace your credit card again for the fourth time this year? As an employee, will a breach at your company result in decreased revenue, and therefore less room for overall growth?
In the end, we’re all security practitioners in some way. At the very least, we all need to think like one because we all want the same thing: for our information to be safe and out of the hands of malicious actors.
From an organizational standpoint, the health of any business today is going to depend in part upon its security posture and the trust that its customers have in it. This is why creating a culture of security awareness among all parties is so imperative. Nobody wants to be caught with their pants down, especially not in a situation where customers’ trust is broken. Since none of us want that, let’s help each other cultivate that culture by asking questions, being patient with one another and understanding that we’re all in this together.
