5 good-news stories to kick off Cyber Security Awareness Month

If you’re in the USA, it’s officially National Cyber Security Awareness Month, starting today, October 1, 2015.

Here on Naked Security, we’ll refer to it more loosely just as CSAM, in the hope that Naked Security readers all over the world will join in.

Of course, CSAM isn’t an invitation to take cybersecurity more seriously only during October, followed by falling off the wagon in November, and ending up back where you started by Christmas.

CSAM is an opportunity for tightening up all the sloppy security habits you’ve been getting into, adopting those improved security practices you’ve been meaning to do all year, and urging your friends, family and colleagues to do the same.

That bit about “urging your friends, family and colleagues to do the same” is particularly pertinent this year, with the CSAM theme being Our Shared Responsibility.

CSAM 2015 also marks the fifth anniversary of a campaign called Stop | Think | Connect, which encourages you do exactly that.

One problem with multi-year digital lifestyle campaigns of this sort, however, is that you can end up with a sense of underachievement, a sense that even after years of trying, we’re all still stuck on the bottom rung of the ladder.

So we thought we’d kick off the fifth year of Stop | Think | Connect by mentioning five areas where we think things have improved in the past few years.

OK, perhaps we haven’t actually done all the things we’re supposed to have, and perhaps we still have a way to go even if we’ve started doing them, but we think that attitudes to cybersecurity are changing for the better.

So here are five eclectic examples to cheer you up.

1. Fans of Macs and Linux are learning not to crow about being “immune” to security problems.

Five years ago, whenever we’d talk about cyberthreats for Mac and Linux, we’d be pelted with brickbats about how OS X and Linux were “secure by design”, or “couldn’t get malware”, and so on.

We’re not hearing that as much any more.

Make no mistake, poor security on many Linux systems is still a huge problem, with cybercriminals flocking to vulnerable Linux servers that they then use as vehicles to spread malware to Windows users.

But at least we’re not faced with walls of divisive denial any more, meaning that we have a more unified front these days.

2. Two-factor authentication (2FA) is gaining acceptance.

Nine years ago, we presented a paper at the Virus Bulletin conference entitled Can strong authentication sort out phishing and fraud.

There wasn’t much room for 2FA, because few organisations were offering it, and many users just weren’t keen, because it sounded like a real hassle.

That’s changing, with more and more services offering some kind of one-time login codes, and more and more customers demanding the feature.

3. Social networks have an increasingly visible concern for privacy.

Yes, Facebook is still the service that people love to hate. (That doesn’t seem to stop many of its detractors using it, but you can’t have everything.)

But you have to take your hat off, at last in part, to Zuck and everyone at Facebook, because they really have changed their attitude.

There’s the Privacy Dinosaur, there’s the Security Checkup tool, and there’s the Privacy Policy in plain English.

Facebook, amongst many other corporate online giants, is even getting a bit of rep for standing up to The Man.

OK, it’s not all buoyant news, not least with Facebook and others taking aprivacy battering in the EU lately, and with new data-sharing features still generally opt-out rather than opt-in.

But things realy aren’t what they were back in 2010 when that Zuckerberg movie came out.

4. Encryption is turning up where it didn’t used to be,

It’s not many years since SSL/TLS, the padlock in your browser’s address bar, was considered hard to do, so it was reserved for web traffic where it really couldn’t be avoided.

You would typically login to your webmail via an encrypted link, which kept your username and password safe, but would then be then pushed down onto an unencrypted connection to deal with your messages.

The theory was that encrypted connections over TLS were too slow, and expensive, and troublesome, to be expected everywhere.

That has changed: try visiting services like Gmail, Outlook.com, Yahoo!, Twitter and, yes, Naked Security, over HTTP and, these days, you’ll get pushed up to an HTTPS connection.

5. We’re doing a much better job with our passwords.

Actually, if we’re honest, this one has a fair way to go yet.

Nevertheless, we’re listing it anyway to praise those amongst us who have left their bad password habits behind.

For everyone else, we’re saying, “Why not kick off CSAM by watching Naked Security’s video on How to Pick a Proper Password?”