Security is too important to trust to computers alone

DISCLAIMER: All opinions in this column reflect the views of the author(s), not of EURACTIV Media network.

Cybersecurity could be improved with better ICT training. [Dennis Skley/Flickr]

Even the best security software will not keep a company’s data safe if its employees are not adequately trained. The EU must deliver on its Skills Guarantee to keep Europe’s workforce one step ahead of the data thieves, writes Austeja Trinkunaite.

Austeja Trinkunaite is the European policy and communications manager for the ECDL Foundation, an international organisation dedicated to raising digital competence standards in the workforce, education and society.

It is European Cybersecurity Month (ECSM) this October, and the technological solutions to cybersecurity are many and various. From VPNs to help protect privacy, to antivirus and firewall software to prevent malicious software from taking control of a computer. Social networks and online services employ systems like two-factor authentication and sophisticated privacy controls, and web browsers flag potentially dangerous links.

It is tempting to look at this dense mesh of security and think that it protects us, that we can’t fall through it into the murky and often dangerous underworld of the internet. But unless we mind our footing and are aware of where and what the risks are, all the hardware and software in the world can do nothing to keep us truly safe. As with so many other aspects of using a computer, skills are at the core of staying safe online.

It is important that we understand what IT security risks really are. Rather than some abstract topic of discussion, IT security risks are very real, and the dangers are ones that can affect anyone. It is frightening how many cases there are of people losing personal information of being harmed by breaches of cybersecurity. For businesses, the effects of an attack can be devastating.

In one well-reported case, a journalist for Wired, a major technology publication, faced the loss of priceless data, including photos from the first years of his daughter’s life, because of a callous attack on his online accounts. In other cases, young people have endured cruel cyberbullying and had to contend with deeply personal information circulating online in ways they would rather it did not.

For small and medium-sized enterprises, like MNH Platinum, security breaches can take a business to the brink of bankruptcy. MNH Platinum had its customer data taken hostage after an employee inadvertently clicked on a malicious link in an email. They ended up having to pay a ransom of more than €4,000 to the attackers just to get their business-critical information back.

The largest cyberattacks make the morning headlines, but every day, countless people and organisations suffer from poor IT security. The costs might not be big enough to grab public attention, but when security breaches at SMEs in the UK cost, on average, from €104,500 to €433,160, according to research by PWC, the need to tackle this problem is crystal clear.

What links many of these cybersecurity breaches is the fact that a lot of them could be prevented if people followed simple IT security principles. Understanding the risks that can come from email attachments from unknown senders, knowing how to evaluate the trustworthiness of links in search results, and being able to confidently set privacy and security settings for online services, are a few of the areas where people can vastly improve their safety online, saving themselves from the potentially life-changing consequences that breaches of privacy and security can bring.

There is a clear role for public authorities, at all levels, to play in helping equip people with the IT security skills that they need to stay safe online. In EU member states, education and training services should integrate IT security skills into their broader digital skills programmes and education curriculums.

At European level, it is essential that the EU both deliver on its initiatives, such as the New Skills Agenda for Europe, and in particular the Skills Guarantee, which aim to raise the level of skills across the board, including in the area of ICT skills, and include a focus in those actions on cybersecurity skills.

There have already been promising steps, and the focused attention on cybersecurity during ECSM is also welcome, but the only way to make sure that everyone has the opportunity to develop the skills and competences that are essential for good online security is through sustained and ongoing effort.

As more and more aspects of our lives move online in one way or another, IT security has become something that involves all of us. We all have the potential to fall victim to poor IT security, but we also all have the capacity to learn the essential skills that will keep us safe when we use technology.

Subscribe to our newsletters