Cyber security is as easy as sending a postcard – or is it?

How hard is it to send a postcard? Surely anyone can do that without any help? I often use this analogy when talking to cyber security people with regards to what some people think is an easy task, and others not so much. I’m in the second category. So, let’s take a look at what’s involved in what appears to be a trick question.

To send a postcard you need to:

1. Make time to go to a shop that has postcards that reflect your personality as well as that of who you are sending the card to.
2. Spend some time walking around looking for the right card for the right person.
3. Pay for it.
4. Take it back to the hotel.
5. Think of a message to write on it.
6. Write the message.
7. Oh, yes, I almost forgot, make sure that you have got the person’s address.
8. Write the address.
9. Get some stamps (There can’t be much more to this can there?)
10. Stick the stamp on the card.
11. Walk down to the letterbox.
12. Put the postcard into the letterbox.

Making cyber security easier

I’ve always liked the idea that when someone receives a postcard from me, they have a warm feeling inside, but to have to go through those steps for ten seconds of warmth really doesn’t seem worth it. Yes, I know we use instant messaging, etc. now, but even all that is a few steps too many to hold my interest.

That is often how non-security people feel about everything they feel they must do related to cyber security, especially when they feel it is not their job or responsibility, etc. The things that we must do to provide that warm fuzzy feeling of “we are secure/protected” shouldn’t be any harder than it needs to be. Until now, we just haven’t taken cyber security from the sending a postcard to the sending an electronic message stage.

Making protecting ourselves from security, privacy and fraud issues is not just the domain for security service providers – every organization has a role to play. The security providers know their role, but other corporate providers need to up their stakes too.

Are cyber security and privacy settings too difficult?

Some non-security service providers almost seem to the other extreme when it comes to security and privacy. Some social media companies pretend to help by bringing everything together in one place, but at the same time make it so difficult to understand unless you are a security or privacy expert. Their front-end screens have undergone user experience testing to get users to spend more time on their platforms. However, when it comes to the security and privacy settings, they seem to have made things so difficult – as if they hope you give up and not bother with any useful settings.

What this does is create the perception that looking at any security or privacy settings is going to be pointless, as users think they won’t understand any of it. All services have a responsibility to make security and privacy settings easier to understand and implement, and reduce the complexity of taking protection actions.

Hybrid working isn’t going away

Let’s face it, within enterprises and our homes, hybrid working isn’t going to go away, we need to make security something that we actively make easier, not just by how we control our corporate assets (computers and mobiles), but by helping make our employees lives more secure. Recently, someone I know lost their purse and keys, the hours spent dealing with this was incredible, but it’s the same with any other aspect of cyber security, privacy or fraud protection being compromised. Users will have to take time to fix things with many more steps involved than there would have been had they been more secure in the first place. In the meantime, by not doing this, we allow criminals to win.

Let’s make 2024 the start of making cyber security a little easier than it currently is.