Why do computers remain unpatched? Why are passwords lost even today? Why do people still open malicious attachments? Why is encryption not always embraced? Is the major problem with understanding cybersecurity that it is not tangible? You can’t touch it. You can’t smell it. You can’t hear it. While computers and smartphones can be touched/smelled/heard, their apps and your data can’t. That makes cybersecurity abstract and easy to ignore, forgotten as soon as the mind focuses elsewhere.
In the real world, we have become accustomed to acting securely. We lock our houses and shut the windows when going on holiday. If the lock or window is broken, we get it fixed. If some stranger asks us for our credit card PIN, we tell them to get lost. The same applies if a stranger offers us, for example, a small bag of white powder and asks us to carry it across the border: we (should) decline and leave. And, for sure, we do not shout out intimate details about recent family problems, illnesses, affairs and so on.
On the other hand, we usually also store lots of (digital) valuables in our computers: bank information, private correspondence, family photos and videos. For some of us, our whole life is accessible through our computer (see our Bulletin article “Open door, open screen, open life...”), but we struggle to keep our computers up to date so that basic digital protections are in place. Some people reply when they receive an e-mail from a stranger, in an unusual context, possibly even in a foreign language, asking for their Apple ID, Office 365 account details or CERN password. Sure, they won’t have given away their PIN. But such e-mails are like any other unverified communications in the open with strangers. Only the context transforms the stranger and the conversation into something tangible and trustworthy (or not). The same holds for web links: every blue, underlined text pointing to another webpage is nothing other than a potential “small bag of white powder” offered to us by a stranger. Only the context makes it trustworthy (or malicious). Also, if you do not use encrypted channels (e.g. HTTPS, SSH or VPN), your digital communication with the world is public – whether you’re browsing the web, posting on Facebook or accessing your inbox. All unencrypted communication is shouted out loud to those who want to listen…
So, please think a bit more about the real world. Think about the protection of your valuables at home. Think of your PIN. Of small bags offered in dark places. About the way you talk about family business. Then do the same in the virtual world: keep your computer, laptop and smartphone up to date, protect your password, STOP – THINK – DON’T CLICK, and make sure that you use “HTTPS” when browsing (check for the “https://” in your browser’s URL address bar – the “s” is important).
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, visit our website or contact us at Computer.Security@cern.ch.