As we dive headfirst into National Cybersecurity Awareness Month, it seems only fitting to discuss ways to stay on top of developments in modern cybersecurity and privacy. What's the best way to stay protected? How can you determine if something is a scam? Which big company has been breached now?
The topic of security features heavily across many industries, blogs, and news channels simply because of the current state of affairs. It seems like every day we hear about a new major data breach, affecting thousands—if not millions—of people. From retailers like Target to social media sites such as Facebook to more prominent credit agencies like Equifax—no one is safe.
The uncontrolled nature of attacks coupled with the 24/7 news cycle make it downright overwhelming to keep up with all the cybersecurity information lobbed at us. The widespread release of new attacks, data breaches, systems failures, and malware use have led many to a feeling of security fatigue. We’re essentially all at a point where we’re sick and tired of hearing about it, and frankly disappointed in many companies and individuals who continually fail to protect the data they are responsible for.
Fatigue or not, we shouldn't collectively ignore what’s happening in the world of cybersecurity right now. We all have a duty to not only protect ourselves, but also our communities, countries, and world over by staying in the know. You can contribute by keeping your knowledge up-to-date and employing a few simple strategies to capture the good information out there and weed out the bad.
1. Follow security professionals and influencersWe live in the information age, where knowledge is digital, recorded and streamed for posterity, stored in giant servers, and available at the entry of a search term. You can acquire new information and expand your knowledge in a variety of ways, according to your preferred methods.
For example, you can glean information from more traditional sources such as news websites and blogs from security experts, but you can also turn to social media, attend webinars and conferences, or communicate directly with someone well-versed in the field.
You could even bring it up at the office water cooler or by making small talk with parents at your child's school—cybersecurity is covered so much in the media now that it's become fodder for mainstream chatter. Many will happily discuss more than the just latest breach, possibly drawing up a debate on which security solution is the best or offering up ways in which you can protect yourself from attack.
Whatever you choose, you’ll want to follow some of the top security professionals for the best guidance. Some of my favorites include:
- Bruce Schneier
- Brian Krebs
- Richard Bejtlich’s TaoSecurity
- Shira Rubinoff
- Magda Chelly
2. Browse security-related social media topicsMost social media networks are great resources for digging up additional content, such as news stories (real ones), videos, opinions, and other posts. In addition, they're home to a treasure trove of supplemental information on local, national, and global events, career opportunities, top cybersecurity businesses, and more. Of course, social media is not the only place you’ll want to acquire information from, but it can serve as a complement to some of the other channels on this list.
Twitter is especially useful if you know which trends and hashtags to search, as well as who to follow. It allows you to see discussions about current events in real time so you can be right there, in the moment, when things play out.
Twitter lists are also great for creating a niche content feed. You can specify which security vendors, influencers, and developers you'd like to be in your list (or lists), and filter Tweets accordingly. Lists have the added benefit of weeding out noise not pertinent to a particular group—you can focus on a single topic or community.
3. Attend live eventsBelieve it or not, there’s a huge market for live, in-person cybersecurity events. This includes so much more than conferences, or “cons.” You might also attend lectures, discussions, workshops, networking events, educational courses, or sponsored meet ups.
Web-based events present another great avenue, such as webinars and online community conference calls. Some of the best live cybersecurity speakers will attend such events or be asked to participate, and it stands to reason you can learn a lot from any one of them.
So how do you find such events? You have to keep a pulse on when, where, and what's happening around you. Local newspapers are great resources for event listings. And of course, there's always trusty-old Google. Luckily, some of the other channels mentioned in this article will also help keep you informed.
4. Check vulnerability and risk advisory feedsOne cannot overstate the need to remain aware of security vulnerabilities discovered in both new and old technologies—especially for business owners. Web browsers, apps, software, operating systems, and a variety of the personal or professional tools you use may have been compromised or attacked.
You should make a habit of checking vulnerability alert feeds and advisory sites to ensure the protection of your personal and corporate data. Here’s a quick list:
- Have I Been Pwned
- US-CERT/United States Computer Emergency Readiness Team
- National Vulnerability Database
- Full Disclosure or SecLists.org
- SANS Internet Storm Center
5. Listen to a podcastWe all lead busy lives—maybe you don't have time to read article after article. But what about the time you spend driving, walking, or traveling? Podcasts fill this time nicely, as you can listen to them on-the-go and multi-task while doing so.
Podcasts can be found—and listened to—through a variety of channels, including media apps, music libraries such as iTunes or Spotify, Amazon, or even YouTube.
6. Customize your own real-time alertsUsing a tool such as IFTTT—which stands for If This Then That—you can set up customized alerts for all things cybersecurity.
The subreddit r/netsec, for example, is one of the most popular curated forums for cybersecurity news and information. You can configure IFTTT so it sends you push notifications or emails when something gains popularity on the subreddit. The headlines will populate in the taskbar of your mobile device allowing you to gauge whether or not the story is worth your time.
The r/netsec example is just one of many, of course. You can configure any trusted sites or community forums to send you alerts via RSS feed as you see fit.
Just keep consumingIf you want to stay as close to the bleeding edge of cybersecurity as you can, continue to consume content, whether that's by reading, listening, talking, watching videos, or attending live events. Understand that as you learn, the industry will continue to evolve, so staying on top of cybersecurity developments means adapting to an ever-shifting landscape. It’s unfortunately not enough anymore to glance at one article and call it a day.
While you understandably won’t have the time or inclination to invest every waking hour in your cybersecurity pursuits, you can certainly remain in-the-know without losing your mind by carefully curating and streamlining online information, and turning to sources you trust. There are plenty of ways to make yourself crazy. Learning more about cybersecurity shouldn't be one of them.