October is cybersecurity month in the US,

7 Oct

…but it is unlikely consumers will actually be reached by useful information in a meaningful way. Yes, there is a cast of lip-service websites mentioned in a press release or a blog post by most relevant companies and government agencies, but chances of actually improving online safety are extremely low from what I can tell so far.

The state of online safety education (even the term “cybersecurity” totally misses the point here) can be summarized by a simile: It’s like telling obese Americans that cooking with quinoa is healthier than rice when what you need to tell them is to START COOKING.

The most shockingly inadequate is the antiphishing.org website by the Anti-Phishing Working Group (APWG), an industry association. An average internet user would have a seizure and close the browser window in fear upon hitting their homepage.

StaySafeOnline.org by the National Cyber Security Alliance, endorsed by major companies like Microsoft and government agencies like Homeland Security, looks a little more soothing, with slightly higher chances of captivating a curious visitor eager to learn more about “how to stay safe online”.

However, actually trying to get information is a little harder. The website offers a deadly mix of condescending tone and content that is out of touch with an average reader’s technical comfort level. Take this leading paragraph in the “Home” subsection:

Most households now run networks of devices linked to the Internet, including computers, laptops, gaming devices, TV’s or set top boxes, and cell phones that access wireless networks. To protect your home network and your family while they’re online you need to have the right tools in place and confidence that family members can surf safely and securely. Make sure you know the basics of securing your home network and your family’s privacy.

Kindergarten tone yet no direct practical information.

Or, take this LONG ESSAY about “email safety”. After five introductory paragraphs with filler text such as “Email has become a critical way to communicate with friends and families and conduct business – it’s quick, convenient, and effective,” the author slowly reveals that it’d be good to turn on your spam filter: “In many cases these are set to “on” by default, but if they’re not, you can easily activate by finding your filtering preferences tab, or using your program’s “help” tool.” OK, how about actual instructions on how to do that in major email clients?

The section about “phishing”, perhaps one of the most prevalent and worrying online threats right now, comes after enduring paragraphs of patronizing prose about avoiding spam using spam filters. The author clearly ran out of steam by now, since what “phishing” is is explained in one short paragraph that sounds like it’s lifted out of a dictionary, with no examples or juice in it. The instructions make sense, but I am convinced that an average internet user, if they are still reading this far by some miracle, would be left largely helpless. Tips like “Do not send sensitive information over the Internet before checking a Web site’s security.” are pointless without instructions. Every child knows that if something is “safe” and “secure” that’s good, but most people don’t know how to ascertain that. “Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).” Come on! Why not say “the link” or “address in browser” and where and at which point to pay attention? And my favorite: “Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.” No hyperlink?!?

I can just see this author imagining reading this essay to a group of captive preschoolers with a soothing tone.

Educating the internet public about online threats requires an approach that is the exact opposite of this: respectful and succinct, informed by a deep understanding of your audience and delivered with the same care afforded to highly targeted and effective marketing messages.

However, I get to conclude with a bit of good news. Surprisingly, the best website I found is brought to us by the federal government. Maintained by the Federal Trade Commission, onguardonline.gov is packed with tips, games and videos, delivered in a well-designed, energetic, and to-the-point manner.

