Check your sources: do not believe everything we write about cybersecurity

Today, cybersecurity makes a lot of talk about it. Most of us, non-techies at heart, would have never even understood the concept of HTTPS and the padlock icon if Google had not started to  change its user interface  to encourage encryption. However, we are currently browsing the Web looking for solutions to avoid these unwanted warning messages that will soon be entering.

Entrepreneurs, website developers, and SEO experts are now learning about the benefits of SSL and Public Key Management (PKI) infrastructure on the Internet. We rely on search engines to shed light on what a PKI is and how SSL certificates work. We also use forums to find answers to our implementation and configuration issues. At the same time, news sites keep us up-to-date with the latest evolutions and feats in the world of cryptography and security. But now, do we ever check the origin of these articles, blog posts and other comments on the forums? How to be sure that what we read is accurate?

Let's set the scene

Before starting my diatribe, I wanted to share with you some information about me, so that you better understand where my point of view comes from. I have been working for two years in the cybersecurity sector. Graduated in English language and communication, I first spent five years in the world of marketing. During the last two years at GlobalSign, I have learned a lot about cybersecurity and public key management (PKI) infrastructure. And I weigh my words.

Since I work mostly on the blog, I will focus on it. However, the following applies to all content types signed by GlobalSign.

I'm organizing a brainstorming group for the blog, in which my colleagues discuss the content of upcoming posts, whether it's targeting a word or key phrase or exposing our expert opinion on a particular topic. We also take the time to designate the authors of these tickets. If a member of the marketing team has to write for the blog, the process is never limited to just writing, publishing, and publishing.

Depending on the degree of sophistication of the content, a member of the product team, the infrastructure team or the commercial engineering team will often lend a hand. These technical collaborators will send us raw information (usually in the context of an informal conversation), which we will structure in a clear way, optimizing them for the search engines. Then, these same experts will read our ticket to check its accuracy. If needed, another technical profile will read it as well. Once the technical content is approved in its entirety, the ticket must still be submitted to the validation of our marketing content manager (message), before being finally read by our senior marketing manager (grammar and style).

That's the whole point for a single blog post.

Why are we so thorough? Because we are addressing a very "technical" community looking for answers to specific questions. They do not wish to be misled. Trust is an essential component of our cryptographic solutions and content. You need to be able to trust our information about encryption and PKI infrastructure without fear. Thus, we help you to better ensure your cybersecurity, with the key to a safer and more secure Internet.

Problem: cybersecurity content writers

If the IT community is not easily fooled by inaccurate content, what happens to business leaders, SEO experts, and website creators? If tomorrow they found an article on cybersecurity, how could they ensure the accuracy and veracity of the information provided?

Quite frankly, they have no way of checking. This is one of the problems on the Internet today that led to campaigns against "fake information" online. The word is dropped: "information bogus" (the famous "fake news" in English). But do not worry, I'm not here against journalism. I can not stand to mislead professionals.

As one of our sales representatives put it so well on LinkedIn:

You will find so much information about SSL that is written by marketing gurus. Admittedly, the HTTPS protocol on a website boosts your SEO and ranking in Google search results. But that's not why SSL certificates were created.

They are designed to help you identify who you are talking to when using a website and to make sure no one else sees what you are typing. That's all. The rest only aims to encourage security.

If you use SSL to boost your conversion rates rather than protecting your customers and your business, you're wrong.

Here, he identifies very well the heart of the problem, namely the writing of content on cybersecurity by authors without expertise. For example, when they tell you how to install and configure an SSL certificate, SEO experts probably do not adopt the right approach. Thus, while they all help to justify increased use of encryption, they may sometimes inadvertently provide inaccurate information to their readers.

Another mistake of cybersecurity companies: entrust the writing of their content to a copywriter, or copywriter. This is normally part of good practice in a number of areas, such as cybersecurity to a certain extent. But now, how will this editor transcribe the subtleties of data center security, or those of a vulnerability housed in the heart of a file library? If information technology and, a fortiori, encryption are not familiar to him, how will he explain these concepts? Finally, what will happen when a specialist finds your ticket full of inaccuracies? Your company's trust rating will suffer and you will mislead decision makers.

Solution: Analyze your readings

I asked a simple question to my LinkedIn contacts. "When you read a blog post or article online, do you pay attention to the author? Does his identity influence the credit you give him? While some view the author with a skeptical eye, most content consumers do not even consider his identity as a determining factor.

Remember: trust also plays an important role in written communication. You must be able to rely on the publications and authors you read to avoid misinformation. Otherwise, you risk inserting them in a presentation to your superiors, building a whole change management project around this information or even worse, wasting a lot of time.

Of course, it is up to both companies and authors to ensure the accuracy of their content. But it's up to us not to believe everything we read on the Internet. We have to make our own assumptions based on the information we have. So when you read your next article on cybersecurity online, ask yourself the right questions:

• Who is the author ?
• For which company does he work?
• How is he qualified to write this article?
• What is the purpose of this content? What does the company gain?
• What other articles of this type did he write?
• Does he mention external reports to support his statements? Has he done enough research?

The last point is essential. If the author refers to other blog posts written by people whose legitimacy is equally questionable, this is not always enough. But if he sends you to reliable, quality sites and reports that corroborate what he says, he is more likely to deserve your trust.

Finally, I would like to invite you to adopt this simple approach: the next time you read an article on cybersecurity and the author claims to have an answer to everything, ask yourself the questions above and ask yourself if the information provided is trustworthy.