Last November, as part of its commitment to the Paris Call on Trust and Security in Cyberspace, the Cybersecurity Tech Accord signatories committed ourselves to taking forward one of the agreement’s nine principles. Principle #7 – Support efforts to strengthen an advanced cyber hygiene for all actors – is both a critical tenet of the Paris Call as well as fundamental to our mission as an organization. Especially during this time of increased public reliance on the digital infrastructure, implementation of good cyber practices that secure the safety and security of our shared online environment has never been more important.
Through individual and collaborative efforts with like-minded organizations, including the CyberGreen Institute, the Global Cyber Alliance, and the Internet Society, the Cybersecurity Tech Accord is working to advance the importance of cyber hygiene by promoting good practices critical to responding to a changing threat environment. This is why we are excited today to launch a three-part video series (part 1 introducing cyber hygiene, part 2 on the email security protocol DMARC, and part 3 on the ways to protect from DNS threats) that begins introducing the basics of cyber hygiene, highlighting some of the most critical steps you can take to keep yourself and your organization safe.
The ongoing COVID-19 pandemic has brought with it unprecedented dependence on the connectivity of digital technology – for our work, to keep in touch with our loved ones, and to receive essential services. Consequently, this abrupt change has rapidly increased the “threat surface” as well when it comes to cyber risk. Nefarious actors are quick to adapt, in both tactics and targets, to these changing environments and prey on the most vulnerable amongst us. Therefore, as more people adopt new online behaviors we need to ensure that cyber hygiene measures continue to be available and accessible at scale, and easily understood by a broad audience, which this new video series hopes to achieve.
Supporting good cyber hygiene has been, and will continue to be, an essential part of the work of the Cybersecurity Tech Accord in living up to our own principles, as well as our commitment to the Paris Call. Our broader efforts to support Paris Call Principle #7 have, to date, included the following:
- Vulnerability policies: In accordance with a commitment we made last year, our goal is to ensure that every signatory upholds and adopts a policy for responsible vulnerability handling, and we are continuing to work towards this commitment together. To date, over 80 of our signatories have now established and implemented a vulnerability disclosure policy to better protect users and customers. They are available for public review on our website and can serve as examples for other organizations looking to implement such a policy.
- Domain Name System (DNS) Security: Serving as the digital equivalent of “if you see something, say something,” we highlighted how businesses can protect themselves from domain name attacks, and delivered a webinar, available for review, that explores the recent wave of DNS attacks and the risks associated with such vulnerabilities.
- Mutually Agreed Norms on Routing Security (MANRS): In partnership with the Internet Society, our joint work on MANRS resulted in an extension of MANRS itself for adoption by cloud and content providers. The latter, including several of our signatories, can now implement a simple set of practices that help reduce the most common threats to routing security.
- Domain-based Message Authentication, Reporting and Conformance (DMARC): We worked with the Global Cyber Alliance to help promote the implementation of DMARC, which prevents unauthorized usage of an organization’s email domain. To help improve email security, and drive wider adoption of DMARC, the Cybersecurity Tech Accord has worked to dispel several DMARC-related “myths” or misperceptions.
- Consumer IoT Initiative: Most recently, and in dialogue with Consumers International, we launched a new initiative, “Stay smart. Stay safely connected,” a digital resource hub and campaign on security for “internet of things” (IoT) consumers and product manufacturers. The campaign helps to improve consumer awareness of the potential security risks from IoT devices and provides steps to take to ensure such products are used securely.
We hope that all of these initiatives continue to help showcase and promote good cyber hygiene for organizations and individuals alike, and that today’s launch of the video series helps these messages to reach an even broader audience, driving greater awareness about the responsibilities we all have to practice good cybersecurity. We look forward to additional opportunities to grow this video series to continue educating and promoting good practices and hope you will join us in raising awareness about the importance of cyber hygiene by checking out the videos and sharing them as widely as possible. These practices truly make a difference to the safety and security of the online environment.