Cybersecurity Awareness and the Bystander Effect

Many reading this are cybersecurity professionals. As such, you understand the security awareness basics: don’t click on links in suspicious emails, don’t share your password, don’t give away your personal information to strangers, etc. That’s why this year’s National Cybersecurity Awareness Month (NCSAM) theme makes sense to you: Own it. Secure it. Protect it.


It makes sense to us, but does it make sense to your kids? Your parents? Members of your community?


In 1964, 28-year-old New Yorker Kitty Genovese was murdered in full view of numerous witnesses. None intervened and none even bothered to call the police until Genovese was already dead. Psychologists studying the case termed it the “bystander effect.” When the bystander effect takes hold, the presence of other individuals discourages people from taking action because they assume someone else will.


At times the bystander effect occurs in the world of information security, and it’s something we have to guard against – especially when our children are at risk.


Before coming to Optiv over six years ago, I was a public school teacher, and teacher inservice, or training, was a fact of life. I had to be trained on new curriculum programs, scaffolding, remediation, behavior and more for the 120 students I taught or coached each year. One thing I wasn’t taught, though, was cybersecurity awareness.


That's why the K12 Cybersecurity Resource Center's 2018 Year in Review report isn't shocking to me. During 2018, officials catalogued 115 publicly disclosed cybersecurity incidents that occurred in regular school districts or charter schools. Community size, enrollment size or region within the US didn’t matter – everyone was vulnerable. The incidents break down as follows:


  • Unauthorized disclosure of data by “insiders” (K12 staff, primarily due to human error, and K12 students)
  • Unauthorized disclosure of K12 data by vendors with a relationship to the school district
  • Unauthorized access to data by external threat actors


The FBI even posted an alert in September 2018 encouraging an increase in awareness of cyber threats in the K12 sector. As you may know, many schools have expanded their technology footprint with new education technologies (EdTech) or even 1:1 distribution of devices to students. The data collected and/or shared through EdTech and devices is not limited to academics. It can include PII, biometric data, medical information, geolocation, etc.


What does this mean for you?


OWN IT. As a cybersecurity pro, understand that just as teachers are mandated reporters, you also have a responsibility to ensure your family and community are aware of cybersecurity risks. Avoid the bystander effect.


SECURE IT. Implement the same best practices at home that you carry out at work. Your family, and especially your children, learn by watching you. Ask questions about EdTech and devices they use in school. We know to ask questions and not simply trust that we are protected and secure. Our families need to learn this habit as well.


PROTECT IT. Share the “why” behind the questions you ask so that once your families are out of sight they can take the appropriate action to keep themselves safe and secure.


October is National Cybersecurity Awareness Month, and all of us at Optiv encourage you to think about your awareness levels and behaviors. No matter how great a job you’ve been doing, a little brush-up can only benefit you and your organization. We’ve put together a suite of resources to help promote better cybersecurity practices and you’re invited to download it for free.