GlobalSign Blog

20 Oct 2017

Know Your Sources: Why You Shouldn't Blindly Trust What You Read About Cybersecurity

Cybersecurity is a big and conversational topic today. Most of us non-technical folk would have never even understood the concept of HTTPS and padlocks until Google started changing their UI to encourage encryption. Now we’re clambering across the internet looking for ways to avoid those nasty ‘not secure’ messages that are on their way.

Business owners, website developers and SEO experts alike are learning about the value of PKI and SSL on the internet. We use search engines to look up answers to our questions like: ‘What is PKI?’, ‘How do SSL Certificates work?’. We use forums to find answers to those implementation and configuration issues we’re having. We use news websites to keep up to date with the latest and greatest in the world of cryptography and security. But do we ever look at where these articles, posts and forum comments are coming from? How can we trust the information we’re reading is accurate?

A Little Background

Before I get into my rant, I wanted to share a little background information on me, so as to set the scene for where my perspective is coming from. I’ve worked in cybersecurity for two years now. Prior to this, I spent five years in marketing communications and before that a degree in English Language and Communications. In the two years I’ve worked at GlobalSign, I’ve learnt a lot about cybersecurity and public key infrastructure. I mean, A LOT.

Since the blog is where I tend to work, I will focus on that but what I am about to say holds true for any type of content we create at GlobalSign.

I hold a blog brainstorm where members of staff discuss the content that we will post in the coming period, whether that be a keyword or keyphrase we’re targeting or a bit of thought leadership we want to address. We also take time to assign blog authors to this. If someone in marketing is charged with writing a blog post, the process is never as simple as write, publish, distribute.

Depending on how technical the content is, often a member of Product Management, Infrastructure or Sales Engineering is brought on to assist. They would hand a bulk of the information over to us (normally in an informal conversation) so we can articulate it in a nice and search engine friendly way. The same technical expert will read the post after it’s been drafted to make sure it’s accurate. If needed, another technical person is brought on to read it as well. Once the technical side of the content is fully approved, we still have to get the blog approved by our marketing content manager (for messaging) and a final read through from our senior marketing manager for grammar and style.

That all goes into making one post.

Why are we this thorough? Because we are speaking to a highly technical community of people who are looking for answers to specific questions and don’t want to be misled. Trust is as important to us cryptographically as it is communicatively. We want you to trust what we write about PKI and encryption is true because it IS true. That trust goes a long way in helping you do a better job at cybersecurity and therefore making the internet a safer and more secure place.

Who’s Writing the Cybersecurity Content You Read?

Luckily the IT community cannot be fooled by inaccurate content so easily, but what about business leaders, SEO experts and website designers? If they land on an article tomorrow about cybersecurity, how would they know what they’re reading is accurate? How would they know the content is true?

The truth is, they don’t. And this is part of the problem with the internet today and the reason for campaigns fighting fake news articles online. Yes I did say ‘fake news’, but don’t worry I’m not anti-journalism. I’m just against misleading people.

One of our sales reps put it quite nicely in a LinkedIn post when he said:

There’s so much information about SSL that is written by marketing ‘gurus’.  Regardless of the boosts to SEO and Google rankings that having HTTPS on a website provides, that’s not why SSL Certificates were developed.

SSL Certificates were designed to identify who you are speaking to when using a website and to ensure that no one else can see what you're saying. That is all. The rest is just an incentive to encourage security.

If you’re using SSL purely to drive conversions rather than to protect your customers and your business, then you have the wrong mind-set.

A big part of this problem is, as he quite rightly puts it, non-cybersecurity experts writing about cybersecurity. SEO experts, for example, explaining how to install and configure an SSL are probably not in the right mind-set and while they’re all contributing to the wider justification for encryption, they can sometimes, without meaning to, give completely inaccurate information to their readers.

The other failing is when a cybersecurity company hires a content writer to write their content. This is normally good practice in a number of other industries and on some levels cybersecurity too. But what happens when you’re trying to explain the intricacies of data centre security or a vulnerability in the heart of a file library? You don’t understand IT let alone crypto, how can you really go about explaining it to the best of your knowledge? What happens when a crypto expert does land on your post and realizes how misleading it is? Your organization is going to suffer because it will lose trust and it will lead people to making business decisions based on false information.

Reading Isn’t Enough

I asked my LinkedIn connections a simple question. When you read a blog or online article, do you care who the author is? Does that matter to your trust in that article? While a couple responded that they look at the author with a pinch of salt, most did not even consider the author to be valuable to their process of consuming content.

Remember, trust is important in written communication too. You need to build trust with publications and authors in order to avoid having the wrong information handed to you. Wrong information could be used in a presentation to your superiors, as part of a change management project or worse, it could just waste a great deal of your time.

It is as much a business’ or author’s responsibility to try and be accurate, as it is our responsibility to not believe everything we read on the internet. We need to make our own assumptions based on the information that we have. So next time you read a cybersecurity article online, I want you to ask yourself:

  • Who is writing this?
  • What company do they work for?
  • What gives them the credibility to write this?
  • What’s their motive for writing this, what do they get out of it?
  • What other posts like this have they authored?
  • Do they link to external reports backing up their statements? Did they do enough research?

The last one is of extra importance. If they are linking to other blog articles written by similarly questionable authors, that’s not always enough. If, however, they are linking to high quality trustworthy sites, reports and research that back up what they say, then they are one step closer to having gained that trust.

So I want to leave you with this simple action - next time you read a cybersecurity article claiming to give you all the answers, read the article with the above questions in mind and ask yourself if you think you can trust the information being given to you.

Want to discuss this topic further? Feel free to write a comment below or reach out to me on Twitter @globalsign.

Share this Post

Write for Us

Apply Now

Subscribe to our Blog