Cyber hygiene remains on the periphery of the average Ukrainian citizen’s attention. Such a frivolous approach to this important concept poses both an individual threat to each person and to the state as a whole. That is why more and more government agencies and enterprises are integrating the principles of cyber hygiene into their activities. The importance of cyber awareness is especially evident today, during a full-scale aggression. These difficult times are a kind of litmus test for the cybersphere. Why? Cyberspace is now the second front. Secondly, it is security that guarantees the stability of government information systems and data integrity.
Andrii Nikitenko, Senior Project Lead, Cybersecurity, CRDF Global, explains why cybersecurity in the country depends on each of us and what role CRDF Global plays in supporting initiatives to raise cyber awareness.
Why is the issue of cyber hygiene gaining relevance? It’s simple: cyberspace is an integral part of the life of the entire population today. For convenience, it is better to imagine the Internet as a separate world with its own rules, laws and, of course, those who violate them. The latter often take advantage of our indiscretions to achieve their goals. To do this, black hackers resort to phishing (luring) and social engineering (psychological manipulation to gain access to information). These methods are the access point to us and the data we own. We are at risk when we connect to the network. And it’s not just about conducting sensitive transactions online. Cyber hygiene begins when we pick up our phones and tag our favorite coffee shop in social media posts, respond to strangers’ messages recklessly, or do not pay attention to our friends’ messages in an unusual manner.
Cyber hygiene begins when we pick up our phones
In fact, any unusual behavior online should be treated in the same way as suspicious actions offline. This also goes for your own behavior. Yes, an online thief won’t physically harm you, but because of your carelessness, they can get all the data about the institution you work at or take possession of your funds. Therefore, the rules of cyber hygiene are, in a way, manners and skills of self-defense in the digital world. It is extremely important to popularize this idea among the general population.
Since 2018, CRDF Global in Ukraine has been working to develop a culture of cyber hygiene at all levels. This includes special trainings for civil servants, academia, and school students. In 2022, the organization launched a special information and communication campaign to raise public awareness of the basic rules of cybersecurity and cyberhygiene. The initiative is aimed at all age groups and takes into account the characteristics of each of them for a more individualized approach.
Rules of cyber hygiene are the manners and skills of self-defense in the digital world
As the campaign progressed, we analyzed the effectiveness of its measures. Thus, a study conducted by CRDF Global together with Info Sapiens in April 2022 found that the population of Ukraine is showing a gradual increase in cybersecurity awareness. However, it is important to note that knowledge of basic cyber hygiene rules differs among different age groups. Thus, young people aged 18-25 are the most knowledgeable: 29% of respondents say they are familiar with the concept of cybersecurity (compared to 18% in 2021). Teenagers ranked second: 23% of them are familiar with the concept of cybersecurity. Among adults aged 18-59, 18% are well aware of cybersecurity, and only 7% of older respondents are well aware.
At the same time, despite the fact that the level of knowledge is growing, the overall trend of using cyber hygiene rules is not satisfactory.
How to promote awareness of cyber hygiene rules?
There are two key components to consider in this process: regulatory and informational.
The classic governmental approach of encouraging institutions implement cyber hygiene principles can be either incentivizing or introducing regulatory mechanisms. The ideal option is a successful combination of both, with an emphasis on incentives. It is not just a matter of conducting a one-time training, but of ongoing support. Government or business leaders must understand that if they want to create a reliable cybersecurity system, it must apply to all employees without exception.
It is important not to forget about communication. Establishing a dialog with the public allows you to properly position the ideas of cyber hygiene, appealing purely to facts. Let’s look at a simple example: disseminating information about the positive economic impact of increasing cybersecurity will increase the chance that companies will start developing this area. Likewise, the message that knowledge of cyber hygiene rules will reduce the risk of identity theft or money being stolen by fraudsters will affect the average citizen.
It is a comprehensive approach to the issue that will allow us to further develop the resilience of the cybersecurity system in Ukraine.
