Why are we being deceived? The unsightly side of security guides.

Find out the truth behind the security guidelines.

Do the cybersecurity instructions you receive at work confuse you? You are not alone. According to a recent study, there are a number of problems in the wording of these guidelines. The authors suggest simple measures to improve the guidelines, which is likely to lead to increased employee literacy in computer security.

The main issue concerns the cybersecurity protocols provided by institutions, from businesses to government agencies, to their employees. The purpose of these protocols is to help employees protect their personal and corporate data from threats such as malware and social engineering attacks.

Brad Reeves, the corresponding author of the study and an assistant professor of computer science at the University of North Carolina, notes: "In some cases, I don't even know where the advice is coming from or what it's based on. Who writes these guides? What do they base their advice on?"

The study included 21 in-depth interviews with professionals responsible for writing cybersecurity guidelines for large corporations, universities, and government agencies. The main conclusion: the authors try to provide as much information as possible, but do not highlight the most important points.

One of the reasons why instructions can be so overloaded is that their authors try to take into account all possible recommendations from various authoritative sources, rather than selecting the most relevant ones.

Based on the data obtained, the researchers formulated two suggestions for improving future instructions. First, authors need a set of best practices for selecting information. Second, the cybersecurity community must develop key messages that are understandable to audiences with different levels of technical training.

Reeves adds, "We need to create guidelines that are easy to understand and apply." On a final note, he emphasizes the importance of supporting the authors of the recommendations, as they play a key role in turning cybersecurity discoveries into practical advice.

"I also want to emphasize that in the event of a computer security incident, we should not blame an employee for not following one of the thousands of security rules. We need to do a better job of creating guidelines that are easy to understand and implement."
 