REDMOND, Wash., Oct. 3, 2005 – With more and more people using the Web for work and for fun, it is important to ensure everyone clearly understands how to safely navigate the Internet and protect themselves from scammers and criminals. In October, Microsoft is teaming up with the Washington, D.C.-based National Cyber Security Alliance (NCSA) and others to help raise awareness of cyber security and promote good online safety habits. The effort is part of the second annual National Cyber Security Awareness Month. Along with the U.S. Federal Trade Commission (FTC), Microsoft, the NCSA and others will feature entertaining and educational programs, events and initiatives throughout the month, targeting home users, students (K-12 and higher education) and small businesses.
To learn more about National Cyber Security Awareness Month and what consumers can do to stay safe online, PressPass spoke with Ron Teixiera, executive director of NCSA, and Scott Charney, chief security strategist and vice president of Trustworthy Computing at Microsoft.
Press Pass: How would you characterize general public awareness about cyber security today, compared to last year’s inaugural Cyber Security Awareness event?
Teixiera: There’s a lot more interest this year, specifically involvement from the private and public sectors, and also from universities and colleges – everyone is starting to realize that online security and identity theft are directly linked. Collectively, we feel that it is incredibly important that we educate users to help prevent them from becoming victims of malicious attacks or scams.Charney: Although there’s greater awareness, which is encouraging, it is unfortunate that some of that awareness results from a series of high profile computer-security incidents. The good news is, a lot of work HAS been done – most of the major companies in the IT space, as well as those who use the IT infrastructure heavily, such as financial institutions as just one example, are addressing the issue. Additionally, through a public-private partnership, companies and governments are working together to improve online safety.
Press Pass: That’s an interesting point. What do you see as the key areas of cooperation between private and public sectors in advancing public awareness of cyber security? What roles should each play?
Teixiera: I would describe NCSA as a go-to source and facilitator – a one-stop shop where the consumer, public and private entities can come together and talk about issues and develop practical solutions collaboratively. We try to build on our government partners’ experience dealing with off-line crime, coupled with our private companies’ technical strengths, to help educate consumers on practical steps they can take to stay safe online.
Charney: First, both the IT industry and the government have the ability to reach out to the user community and educate them on security best practices. By doing this in a coordinated fashion – with each leveraging the work of the other – that message is all the more powerful. Second, both industry and government use technology and, by securing their own networks, can help develop best practices and lead by example. Third, both industry and government can conduct research in the security field. Finally, industry and government can work together to help ensure that cyber criminals are brought to justice.
PressPass: What do you see as the biggest cyber-security challenges we face right now?
Charney: One concern is that the nature of the threat is evolving. In the early years of computing, many hackers were exploring computer networks and probing for faults, but they were not dedicated criminals. As the technology became more mainstream, criminals started moving to the Internet. The problem is that the Internet was designed to facilitate communication among a small and trusted group. Even after the Internet became a public resource, there was little attention paid to security. That has, of course, changed, and vendors are now developing software with security in mind. But, it remains true that a user on the Internet can be anonymous, reach targets globally and be hard to trace. Those attributes – anonymity, global connectivity, and lack of traceability – are attractive to criminals and criminal organizations.
Scott Charney, Vice President, Trustworthy Computing, and Chief Security Strategist, Microsoft Corporation
Teixiera: The most significant and rapidly growing threat Internet users are facing today is phishing scams. For example, the recent devastation caused by the hurricanes Katrina and Rita provided criminals with the opportunity to establish Web sites that posed as online charities to lure in potential donors and obtain their financial information. Scammers make use of events like these to defraud people – a lot of people want to give to the victims, and this makes them vulnerable. Fraudsters understand this, and can send unsolicited e-mails asking for money, posing as legitimate charities. Consumers don’t always know that they are actually being victimized.
Press Pass: What are the best practices you are advocating as part of Cyber Security Awareness Month?
Teixiera: I like to use this analogy: you can have the best home security system, but if you leave the windows open, the burglars will get in. The same rules apply in cyberspace. Getting people to change their behavior is our biggest challenge. We did a major study last year and found that most consumers are aware of the dangers of the Internet, but they still don’t update their virus software and turn on their firewalls. We still need to educate consumers and make them aware of the resources available to help them protect their personal information.
Charney: From a technology perspective, we urge users to do three things: (1) use a firewall, (2) use an anti-virus product, and (3) keep your software, including your anti-virus software, updated. This is not hard at all: Microsoft Windows, for example, provides a firewall which is on by default in Windows XP SP2, and both Microsoft and anti-virus vendors offer automatic updating for software. Because new threats like spyware have evolved, we’re also now urging people to use anti-spyware software as an additional fourth step. For more information, users can simply visit www.microsoft.com/protect or www.staysafeonline.info. As Ron said, behavior is a big issue. Criminals rely on the trusting nature of computer users to facilitate their crimes. In the physical world, we do have an intuitive sense of safety; one would not walk down a dark street in a high-crime area. But when we use our computers, we are often safely seated in our own homes and have no sense of danger. Therefore, we need to educate people if we want them to understand that a bank will never send them an e-mail asking them to disclose personal information such as a Social Security number. That’s why Microsoft is helping to sponsor awareness activities throughout the month to help educate people on how to take simple and effective steps to ensure their safety.
PressPass: You’ve both commented that there seems to be a greater awareness in general than in years past. But what does that really look like? How would you describe the overall sense of awareness and preparedness of consumers around cyber security?
Charney: We are always looking for opportunities to educate people on how they can use the Internet and PCs safely. We need to educate everyone: not just adult users but children, their parents and their teachers. We teach our children good online safety habits. This includes teaching them not to give out personal information, not to go meet with someone they have met over the Internet, and to notify their parents or another trusted adult whenever they see anything that makes them uncomfortable.
Teixiera: One specific example is part of a K-12 education campaign in which we are currently conducting a survey of fourth and sixth graders, just to test for their awareness surrounding security. By the time we complete the survey, we will have talked to 2,000 kids for input. The initial results show a very low awareness around the dangers that lurk online. To us, that signals a need to make sure that schools are involved in educating parents and kids, helping them learn and understand what it means to practice good Internet safety behavior and ultimately get to a place where these things are second nature.
PressPass: If you could say one thing to PC users about cyber security, what would it be?
Teixiera: Even though there are dangers on the Internet, consumers can take practical steps to protect themselves from being the victims of hacks and cyber crime. They should visit our website, www.staysafeonline.info, where several different vendors, including Microsoft, have software that a consumer can use a scan to see if there are viruses on their PC. And this week the Federal Trade Commission launched www.OnGuardOnline.gov, a new site that includes tips, articles, videos and quizzes to help computer users guard against Internet fraud, secure their computers, and protect their personal information.
Charney: The Internet is a wonderful resource but we all need to do our part to ensure it remains safe for use. We need the best possible tools and we need consumers to be very aware of how they can protect themselves. We urge every PC user to check out the tools and tips we have at www.microsoft.com/athome/security and OnGuardOnline.gov, the new website Ron mentioned, which Microsoft teamed with the FTC to help create. Security is a very broad issue and there’s no silver bullet, but it is a huge priority for us. We are going to continue to do our best to create technology that is secure and to provide people with the resources they need to help protect themselves online.