Digital literacy is an important term to understand for those who interact with the digital environment – aka, everyone. In this blog, we discuss digital literacy at a high-level, but will get into more specifics in this ongoing digital literacy series. Stay tuned!
What exactly is “digital literacy”?
Digital literacy is a trendy term in the technology sector. According to Wikipedia, it is “the set of competencies required for full participation in a knowledge society. It includes knowledge, skills, and behaviors involving the effective use of digital devices…for purposes of communication, expression, collaboration and advocacy.”[1]
More simply put, it’s the ability of an individual to engage with the digital environment. In terms of infosec, you can take it further to mean the ability to operate technologies safely – knowing what to do and what not to do and how to avoid taking unnecessary risks.
If you compare it to driving a car, we know that operating a vehicle requires a certain amount of practice and knowledge. It also requires you to pay attention to all that’s going on around you. The same is true with cybersecurity – in order to participate in a digital environment, you need to understand the rules. This is what makes you digitally literate.
Why is digital literacy important?
Digital literacy is an unavoidable part of everyday life that people tend to overlook. Almost our entire lives are online (whether you like it or not) and that’s only going to increase. Everyday users who don’t really “care much” about cybersecurity are the easiest and quickest targets for fraud and for access into an organization they work for. Pursuing digital literacy not only benefits you, but it also protects your friends, family and workplace.
At a high-level, what are some of the biggest gaps in digital literacy (within cybersecurity)?
There are a number of areas where people understand less than they should about online safety. For now though, I’ll highlight 5. These areas matter for every individual, whether in personal or professional environments.
-
Monitor your behaviour on social networks
There is a lot of misunderstanding around what people should and should not do/post on social networks. Before putting something online, you should ask yourself: Does this need to be public? Is it worth the risk? Not only is what you share online available to friends and family, but it’s also available to cybercriminals.
These cybercriminals—or hackers—present both physical and virtual threats. The bad guys can use your social networks to gather user behaviour habits, like where you live and when you’re home. They can also access personally-identifiable information like birthdays, which can be used to facilitate fraud and identity-theft.
Additionally, it’s important to remember that the information you provide on social channels can be used by cybercriminals as a way for them to understand your social networks and consequently gain access to business targets with confidential data they can exploit.
-
Keep your devices safe
Anti-virus software is great, but consumers tend to be overly reliant on it. There are additional measures you should take—like how you configure the settings on your devices. Each operating system you use has security settings that are often disabled by default. A good first step would be to learn what these settings are and to use them to your advantage. Also – be sure your patching is automatically triggered on your devices and you’re always taking the time to complete software updates whenever they’re available.
At work, consider how this plays a role with bring-your-own-device (BYOD) programs. Because so many of us bring personal devices to the workplace and connect them to business networks, ensuring those devices are protected and used wisely puts significant responsibility on you as the employee.
-
Understand how best to use passwords
Passwords need to be complex and hard to guess, but not so much so that you can never remember them. One thing I like to recommend is “passphrases.” To make these, simply come up with a phrase you can remember and then make a password from the first letter of each word in the phrase. For example, if the phrase is “I love my red dog Pluto!”, the password would be “IlmrdP!”.
Additionally, enable 2-factor-authentication whenever possible and don’t use the same password for all your accounts. You can use a password manager to help you keep track of all your passwords. I recommend an app called “keypass” – it’s free!
-
Handle unsafe content
It’s important everyone knows exactly how to respond or react in unsafe situations online. Here’s a few things to watch out for:
- Be wary of suspicious emails – if you think there’s some legitimacy to an otherwise suspicious email, get the phone number and follow up without giving any other information. Otherwise, just delete the email.
- Don’t fall for (or click on) popups claiming that your computer is infected.
- Avoid BitTorrent sites.
Whatever you come across online, follow this simple rule: STOP and THINK. A few seconds of deliberation could save more than just your computer in the long-run.
-
Safety considerations for the future
When it comes to technology, the world is changing quicker than most people can keep up with. We’re entering an era in which more information is available than ever before, we’re increasingly reliant on technologies for even the most basic tasks, and technology is almost completely unavoidable. Although that may sound daunting, it doesn’t have to be.
We need to be prepared. Our online presence has made us overly exposed—like being naked in a digital environment. The increasing interconnectedness between business and personal environments means we have to assume individual responsibility to make sure we’re using precautions on all our devices when online. It is not an impossible task, but it will require vigilance.
How can we start to bridge these gaps?
Education, education, education. Employers must take the time to train their employees on the importance of safe practices online. In our recent threat intelligence report from Q2 of 2017, we found that of 4 million cyberattacks, about 40,000 of them are phishing attacks. There are millions of stories online about people who have been hacked because of phishing – read these stories and learn from these mistakes!
The advance in technology is truly an exciting time. But like all progress, it will require some adjustments. If you’re an employer, consider how these knowledge gaps could compromise your business. If you’re an employee, take the time to educate yourself about online risks.
Learn more
eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. For information about our services, please visit www.esentire.com.
