Federal Government Offers 4 Steps to Thwart Cyber Attackers

The Cybersecurity and Infrastructure Security Agency’s new public safety campaign is trying to raise the national cyber posture by offering short, simple tips to all users.

Apps have multifactor authentication (MFA), software updates automatically, and many users recognize and avoid phishing attempts. To some extent, we are living in the Cybersecurity and Infrastructure Security Agency (CISA)’s hoped-for future.

To build on and reinforce this, CISA has a new public safety campaign and website that breaks advice into a few simple, bite-sized steps and explanations. The “Secure Our World” website, launched Tuesday, includes pages targeted at residents, small-to-medium-sized businesses and tech companies looking to make products secure by design.

“It’s the obligation … of every digital citizen to know how to keep ourselves safe and secure online,” said CISA director Jen Easterly during a livestreamed announcement.

To avoid overwhelming pages of advice, the program limits its recommendations to four key measures to significantly reduce risks:

  • Strong password practices — residents should give accounts unique, long and random passwords, ideally using a password manager to generate and store them.
  • MFA — residents should use multifactor authentication on all accounts or at least important ones like those for email, finances and social media.
  • Detect and report phishing — residents should be alert to unexpected emails, texts or calls asking for personal information, especially those from unknown sources, and should avoid providing details, clicking links or opening attachments.
  • Update software — residents should enable automatic updates to ensure they always have the latest security patches.

Of course, to be impactful, the campaign needs to get attention. That means reaching beyond the typical security-minded audience who’s already attuned to these issues, said Kiersten Todt, Liberty Ventures Group CEO and a senior adviser to CISA’s Easterly.
CISA launched its Secure Our World campaign and website to encourage residents and SMBs to adopt key behaviors of good cyber security.

Creating social media and online content with hooks aimed at a variety of different audiences will be one way to expand the campaign’s reach, said Lisa Plaggemier, National Cybersecurity Alliance executive director. For example, her organization’s posts often lead with humor.

Kiersten Todt (left) moderates a discussion with panelists like Phil Reitinger (right).

“There’s no one right way, it’s really about having as much content as you possibly can produce that speaks to different audiences, people from different walks of life, different age groups,” Plaggemier said.

Partners in industry and nonprofits will also help spread the word.

There’s an emotional strategy in play as well, and research into people’s feelings around cybersecurity helped inform the tone of the website and campaign. The effort aims to emphasize how quick and easy cybersecurity can be, to motivate action and avoid creating discomfort that might lead to ignoring the topic, Plaggemier said.
Lisa Plaggemier said research into people's emotions around cybersecurity helped inform the tone of the campaign.

“You don’t have to twist [people’s] arm” to get them to improve cyber habits, but rather show them clear, accessible actions to take, said Phil Reitinger, CEO and president of the Global Cyber Alliance.

And while the campaign hopes to instill secure habits — with speakers comparing good cyber hygiene to putting on a seatbelt when using a car or remembering to lock the door — tech companies can also go a long way by adopting cyber-secure practices and design decisions that ensure better safety. For example, making MFA the default on user accounts or using machine learning and AI to filter phishing emails before they reach inboxes, said Heather Adkins, vice president of Security Engineering at Google and deputy chair of the Cyber Safety Review Board.

Heather Adkins discussed the importance of companies following secure-by-design and -default approaches.
“I believe in ‘think before you click,’ but I also believe in ‘don’t make the user think about it if they don’t have to,’” Adkins said.

She and others expect to ultimately see password-based authentication replaced with different methods that could shift more of the cybersecurity burden off end users. But such a goal will take time to be realized, Plaggemier said.

The PSA campaign marks a dedicated effort to reach folks and to recognize that their situations are different than major companies’, Reitinger said. But we’re not yet at a turning point in the battle for nationwide cybersecurity, and people shouldn’t get discouraged if cybersecurity statistics don’t show a rapid improvement, he added.

“Are we going to be in a worse situation next year, despite this campaign? Yeah, we are. Because we’re not near the hockey stick moment,” Reitinger said. “But as companies like Google and Microsoft and Mastercard turn on things like two-factor authentication by default, as nonprofits work together to reach everybody, and as organizations like CISA continue to mature and grow and partner with both the private sector and nonprofits, I think we will get to that hockey stick moment. We will make a difference, and being safe online will be as easy as it is in the physical world.”
Jule Pattison-Gordon is a senior staff writer for Governing and former senior staff writer for Government Technology, where she'd specialized in cybersecurity. Jule also previously wrote for PYMNTS and The Bay State Banner and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.