Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Jen Easterly’s Advice: Cut the “Nerdspeak” of Cybersecurity

July 28, 2022

The Washington Post reported (gift article) on July 26 that CISA’s director, Jen Easterly, wants to cut out the “nerdspeak” which is so common in cybersecurity.

As head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), Easterly is trying to demystify cyber with different messages and terminology, whether she’s talking to a K-12 student or a company chief information officer.

“Every engagement that I have, I am incredibly deliberate about the messaging and the communications behind that,” she told me in a Monday interview. “People who are technical and in cyber, I think, are not as deliberate as they should be about being good storytellers.”

Take a look at CISA’s “More Than a Password” campaign (https://www.cisa.gov/mfa) to convince people to adopt multi-factor authentication, which involves verifying a sign-on with a second device such as a code sent via text message. But the phrase “multi-factor authentication” makes “eyes glaze over,” Easterly said.

True enough, though I’m not sure about her thought to replace the word cybersecurity with “data care.” These days, I think most folks know what cybersecurity is.

A top White House official said major tech executives estimated last year that multi-factor authentication could stop 80 to 90 percent of all cyberattacks. How many people use it? Twitter said last year that only 2.3 percent of users enabled it, while password management service LastPass said 57 percent of businesses worldwide use multi-factor authentication.

I can tell you that virtually all of the law firms to which Sensei provides managed IT and cybersecurity services have made the move to 2FA. I think 2FA has become an ethical requirement since it is so effective (and often free) and fits the definition of “reasonable care” when it comes to protecting client data.  Monitoring for a data breach and using endpoint detection and response also seem to me to be “reasonable” steps to take to protect confidential data.

Easterly is a passionate advocate for making cybersecurity “as simple as possible.” And that is why you tell stories and translate the technical language into words the non-techies can understand. As frequent speakers, John and I have been doing that for as long as we can remember.

It is critically important that we do that when we teach “Cybersecurity Awareness Training for Law Firm Employees.” If attendees don’t understand what you are saying and if you don’t show them examples (i.e. phishing) or tell them stories, the messages you are trying to convey won’t stick!

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology