Cyber Security Awareness for Everyone

You can do anything on the internet – shop, bank, meet your future spouse, become famous, and more. But there are also very real risks to being online. Luckily, cyber security awareness isn’t just for IT experts and tech nerds. There are simple security measures anyone can take to make being online safer.


See Hackers Don’t Wear Hoodies with Lisa Plaggemier for a complete transcript of the Easy Prey podcast episode.

Lisa Plaggemier is the Executive Director of the National Cybersecurity Alliance. Their mission is to enable a more secure interconnected world. They educate the general public, not just IT and security professionals – people like moms, kids, and ordinary folks just trying to get through the day without being scammed. Everyone should know how to navigate technology in a way that keeps them safe and secure.

We’re all connected these days, and that has risks to it.

Lisa Plaggemier

How Lisa Started in Cyber Security Awareness

Lisa was not always teaching people about cyber security awareness and being safer online. She started her career in sales and marketing with Ford Motor Company, and eventually ended up in the marketing department of an automotive technology provider. This company had half a billion consumer records to protect. These records were things people gave to the finance office at car dealerships, including sensitive data like Social Security numbers, driver’s license information, and addresses.

Around this time, a hacker managed to get complete control over a Jeep, and a data breach at Nissan saw many dealerships’ bank accounts wiped out. The chief security officer at Lisa’s company wanted to do some thought leadership around security. Lisa was asked to join the security team.

At first, Lisa was confused. She was a marketing person – what was she going to do on a security team? But they needed someone to run a training and awareness program. She could get people excited about security.

They gave her a budget so she could work with a creative agency, and Lisa got to work. Some of the security training she did went viral through the company. One campaign was a series of short videos created like a game show. A few people contacted her on instant messenger saying, “I missed the last episode, where can I watch it?” You don’t often get people asking to watch more security training videos, but Lisa made it fun.

The Goal of Cyber Security Awareness Training

Lisa’s role was really to translate what was happening in the tech world to ordinary humans who don’t understand tech speak. That’s also what she does now in her role at the National Cybersecurity Alliance. Lots of security professionals have good intentions, but just throwing a bunch of information at people isn’t very helpful. There may be 20 important cyber security awareness things that everyone needs to know, but if you send out an email with that list, people’s eyes will glaze over.

A marketing VP once told Lisa, “Don’t feed them lunch – just make them hungry.” Don’t throw all the cyber security awareness facts on them at once, just make them want more. Give them enough crumbs that instead of tuning out of that list of 20 things, they click through to read more.

People rarely change their behavior because you dumped a bunch of information on them. […] What we’re trying to do is motivate behavior change.

Lisa Plaggemier

The goal is to change people’s behavior and actually get them to take some steps to improve their cyber security awareness. In order to do that, the information has to be interesting and engaging, not a laundry list of rules.

Why People Don’t Follow Security Best Practices

Technology enhances people’s lives. Many people just look at the promise of the technology. How we communicate with family across the country has gone from expensive long-distance calls to FaceTime and Zoom. Often, people just see the upside and the possibilities. They aren’t thinking about cyber security awareness because they don’t realize the internet was never intended to be secure.

Technology designers do their best to make technology easy to use. Design is all about making it simple and sucking you in. The security people are running behind the designers saying, “Wait a minute, you forgot this, this is a vulnerability.” It’s going against the tide to think about security before it’s designed.

Security by design and privacy by design are real things, and they are slowly growing. Security and ease of use don’t have to be opposed, especially if it’s planned from the beginning. But it’s still not the most common approach. When it comes to the internet, we’re trying to secure something that was never meant to be secure.

The Benefits of Password Managers

One cyber security awareness tip that everybody talks about is not reusing passwords. But every account has its own weird rules for length and complexity. This password has to be exactly this long, this one has to be shorter, the other one requires you to use a symbol but only one of these options… The average person can have dozens of online accounts. How are we supposed to remember all of these different passwords?

The National Cybersecurity Alliance did a report called “Oh, Behave!” in 2021 where they asked 2,000 people in the US and UK about their behaviors. One of the questions was how they keep track of their passwords. The overwhelming majority wrote them down in a notebook. The second-to-last most popular option was a password manager.

Lisa often hears from IT managers saying they don’t need a corporate password manager because they have Single Sign-On (SSO). She tells them to go talk to the marketing department. See how many accounts they’re using that IT doesn’t know about and that aren’t part of the company’s SSO.

Creating strong passwords is a cornerstone of cyber security awareness. Sometimes people resist using a password manager because they think it will take all day to add all their login information. But it doesn’t have to be complicated. Create the account and add one or two passwords. Then as you log into other accounts on your browser, it will prompt you to save the password to your password manager.

As a bonus, password managers can generate passwords that fit each site’s requirements. And some password managers integrate with Have I Been Pwned and let you know if your password was exposed in a data breach.

The Benefits of Two-Factor Authentication

Two-factor authentication is another easy step you can take to improve your cyber security awareness. It adds an extra layer of security to confirm the person logging in is actually you and not a hacker. Some sites, like Gmail, turn it on for you by default. It tells you during sign-up that two-factor authentication is on, but you can turn it off if you’d like. Most people leave it on.

Whether you use the SMS text option or an authenticator app, two-factor authentication makes a huge difference. Lisa heard of one major tech company announcing that after they enforced two-factor authentication, they haven’t had a single account’s credentials compromised. That’s a huge step forward for cyber security awareness!

Think, if everybody did it, what kind of dent can we make in global cybercrime?

Lisa Plaggemier

If you’re a billionaire, you probably don’t want to rely on SMS authentication. But SMS is fine for the average person who isn’t specifically targeted. Very few people are going to go through the hassle of SIM swapping to get $80 out of your checking account.

Cybercriminals are Not Who You Think They Are

Lisa once saw a cyber security awareness training where phishing emails were shown having little bat wings. Phishing attempts used to be that obvious. They had poor English, bad graphics, and were the kind of things you could laugh about with your colleagues. But now, phishing is targeted, sophisticated, and well-written. The links go to websites that look real. An essential part of cyber security awareness is identifying the real threats even when they don’t appear dangerous.

The hacker trying to tailgate you into the office isn’t wearing a trench coat and hat or a hoodie with the hood pulled up. They look just like anybody else in your office. When a ransomware organization’s internal communications were leaked, they were full of office gossip and complaints that one person got the promotion that another person wanted. Cybercriminals are people just like us.

It’s so much more sophisticated than that. We’re up against a machine.

Lisa Plaggemier

The image of a hacker in a hoodie gives the impression that it’s one guy in a basement trying to guess your password. But most cybercriminals aren’t a lone person in a hoodie. Many organizations are run like call centers, with training programs and performance reviews. For a lot of scammers, it’s just their job.

Your Cyber Security Awareness Doesn’t Have to be Perfect

Sometimes there is a mentality that if you’re not doing this huge list of cyber security awareness stuff, it’s not worth doing any of it. And that’s just not true. Lisa is happy when people take any measures at all. Using unique and secure passwords (and a password manager) and enabling two-factor authentication are easy but huge steps to improve your cyber security awareness.

Another step Lisa recommends is reporting scams. If you’ve been scammed or defrauded, report it! There’s often a shame factor or a concern that a report won’t do anything, but Lisa has talked to the FBI and the Secret Service. They want you to report it. From your reports, they get data on trends, evidence for large investigations, and can spot common themes. The scammer who scammed you has other victims, too.

One last important part of cyber security awareness is keeping your software and operating system updated. Updates often contain security patches that are important to fix vulnerabilities. We often see updates and think, “I’m in the middle of something, I’ll do it later.” It’s inconvenient, but getting those patches and updates is essential.

You don’t need to have your online life locked up like Fort Knox to be secure. Just taking a few small steps towards better cyber security awareness can protect you from scams and keep you safer online.

For more resources, visit the National Cybersecurity Alliance online at staysafeonline.org. They have a page on how to change the security and privacy settings of popular apps, an article on how to find out if your computer has a virus, and information on romance scams, online dating, cyberbullying, and almost every topic about staying safe and secure online. If they haven’t covered it yet, fill out the contact form and they will.
