Cyber Security Awareness Month has filled the web with umpteen articles advising us how to make our digital lives more secure. Of course, we’re all in favour of that, but we also believe the road to improved security involves a constant conversation rather than one that lasts a month. 

Full Frame’s weekly news digest is published every week of the year - holidays included - and it has two aims. One is to save you the trouble of having to wade through the vast number of words written on information security and data protection to find the items that are worth reading. But the second is to identify stories that are interesting in their own right.

In practice, this means including items that people will talk about and which support the idea of talking about cybersecurity every day. In the past month alone, we’ve written about the twilight world of surveillance technology, how British Airways could have avoided being hacked, Iran’s extraordinarily extensive efforts to sway public opinion, and what made the Facebook data breach so damaging.

We strive to avoid using jargon (challenging when keeping news items brief), and feedback from readers suggests that the weekly digests do spark conversations, both at home and at work.

Underlying this approach is the idea that people learn best through stories. This idea is supported by extensive academic research and it’s what underpins our training courses We’re strongly opposed to the idea of bombarding people with information and hoping some of it sticks, much better to educate with the use of real world examples.

As cybersecurity people never get tired of repeating, there’s no such thing as absolute security. There are far too many variables for this to be a realistic possibility. But it is entirely possible to reduce risk significantly by making sure basic mistakes are avoided.

Time and again, we see data breaches being caused by misconfigurations or simple errors when using email. Figures from the UK’s data protection regulator, the ICO, demonstrate that half of the data breaches reported to it originate from sending material to people for whom it isn’t intended, usually down to addresses being autofilled, or a failure to use bcc instead of cc.

No matter how many times people are told only to use approved cloud storage services, the siren call of Google Docs remains irresistible. Organisations can try to police this through monitoring, but the only effective control we’ve found is to make sure people understand the risks of unapproved storage solutions so that they object when they come across instances of them being used.

Making cybersecurity part of the everyday conversation means not only improving application security, but it also significantly reduces the risk of becoming the latest victim of business fraud.

There are few organisations which haven’t experienced an attempt to steal from them, either by phone or email or malicious weblink. By walking through real examples, we explain how this happens - and why it’s so easy to be hoodwinked.

This enables us to explain why it’s so important to take care over what’s posted on social media - and who can see it. Many people are unaware of tools like Lusha which scour social media for things like mobile phone numbers (try it for yourself; you might be surprised what you can find out!)

These stories spark conversations which provide knowledge that sticks. So, while having a month dedicated to cybersecurity is undoubtedly a good thing, it’s the ongoing discussion that leads to a lasting improvement in staying safe. That’s why it’s so important the issue remains live beyond the end of the month.