The importance of integrating cybersecurity awareness in the age of BEAD and digital equity

Editor's Note: Connected Nation (CN) has worked in the broadband space for nearly 25 years. Recognizing the current landscape is changing rapidly, CN is publishing a series of blogs and white papers from our experts that are meant to inform, educate, and assist local, state, and federal stakeholders navigate this challenging time. 

If there is an issue you would like explored, please email us at info@connectednation.org.

-----

by Michael Ramage, Strategic Broadband Advisor 

Bowling Green, Ky. (October 1, 2024) - As the United States continues on its transformative effort to truly bridge the Digital Divide, the Broadband Equity, Access, and Deployment (BEAD) program is set to bring millions of unconnected Americans online for the first time. This expansion promises significant benefits to each new user, including increased access to education, health care and economic opportunities, particularly in rural and low-income communities.

However, as we should celebrate the benefits we will gain, we must enter these new times with a complete understanding of the darker side of the internet that must be acknowledged and addressed.

As more people gain access to high-speed broadband infrastructure, cybercriminals will have more opportunities to exploit those unfamiliar with the online world. These new users often lack the knowledge to protect themselves from cyberattacks, making them easy targets. Broadband providers, government, and nonprofit organizations should recognize this emerging risk and take proactive steps to improve their cybersecurity strategies. These efforts will help protect the provider networks and, more importantly, ensure that the individuals they serve are prepared for the dangers that come with internet access.

This blog will delve into a few of the crucial cybersecurity concepts and activities broadband planning entities should adopt to safeguard their digital infrastructure. It will also underscore the pivotal role digital equity programs, particularly those focused on cybersecurity, play in preparing new users for online safety.

The evolving cyber threat landscape

As broadband access expands, the cyber threat landscape evolves alongside it. New, naive users are prime targets for a range of cyber threats, including ransomware, phishing, and nation-state attacks. The complexity of these threats is amplified as more users — particularly first-time users — connect to government systems and new commercial services. Cybercriminals frequently exploit these users’ lack of cybersecurity awareness, often using deceptive tactics to gain unauthorized access to sensitive systems or data.

While some nation-states (highly skilled government-affiliated cybercriminals carry out cyberattacks against other nations) are stealing data to collect, it is worth noting that cybercriminals don’t want anyone’s data; they want to use your data to make money.  Often, stealing data from a person or using that data to exploit access to systems is an effective way for cybercriminals to make money. In some countries, the average annual salary could be as low as $5,000, so making even a small amount from a ransomware attack could be a life-changing event for a hacker.

New broadband users are at a higher risk. Many may have limited digital literacy, making them more susceptible to phishing emails, social engineering scams, and other forms of online fraud. As these individuals become targets, government networks and systems also become more exposed. The stakes are high — cyber breaches can lead to data theft, service disruptions, and even the compromise of critical infrastructure.

Recognizing the broader scope of risks associated with expanding internet access is the first step toward building more robust security measures. State governments and their partner nonprofit organizations must stay vigilant and ensure their systems are resilient against the ever-changing threat landscape.

Cybersecurity training through digital equity programs

One of the most effective ways to mitigate these risks to individuals and organizations is through comprehensive cybersecurity training integrated into digital equity initiatives. Digital literacy should no longer be limited to learning how to browse the internet or use a computer. Today, digital equity programs must include cybersecurity training as a core component, especially for first-time users.

State governments and nonprofit organizations can lead in developing and delivering this training. By partnering with local organizations, libraries, schools, and internet service providers (ISPs), nonprofits and government organizations can provide accessible and targeted training that prepares individuals for the online world. Such programs could cover topics including: 

• Creating strong, unique passwords
• Enabling multi-factor authentication (MFA) on all accounts possible
• Being cautious with suspicious links in email
• Keeping software and devices up-to-date.
• Learning the basics of data privacy and online security tools
• Using secure Wi-Fi networks
• Settings for social media privacy
• Backing up files on a regular basis

This education not only helps individuals protect themselves but also strengthens communities' overall cybersecurity posture by reducing the likelihood of large-scale breaches caused by untrained users. This, in turn, reduces the overall risk to government networks and services as more users come online.

New risks for first-time broadband users

The goal of the BEAD program is to connect as many people as possible. However, like any technological advancement, it comes with inherent risks. Many new broadband users will come from low-income, rural, or underserved communities. These users may not have had prior access to the internet, leaving them unprepared for the types of cyber threats that are now commonplace. As previously noted, these new users might also be unfamiliar with basic security practices, such as updating software, managing secure passwords, or avoiding suspicious downloads.

Here are a few (though not all) of the risks that first-time users face:

• Phishing and email scams: Phishing remains one of the most common forms of cyberattacks among all internet users. Users, including newly connected broadband users, unfamiliar with how to recognize fake emails could be lured into clicking malicious links or providing personal information.
• Ransomware attacks: Cybercriminals often target individuals and small organizations by encrypting their data and demanding payment for its release. New users may be targeted due to their lack of knowledge about the risks and low likelihood of backing up files.
• Social engineering: Bad actors use deception to trick people into divulging sensitive information. New users are more likely to be unaware of signs of a social engineering scam and may mistakenly give away personal or financial data.
• Weak passwords and account takeovers: Many first-time internet users may not realize the importance of creating strong, unique passwords for each account.

Without adequate training and preparation, these risks can result in devastating consequences for individuals and communities alike. State governments and nonprofit organizations must address these vulnerabilities by embedding cybersecurity education into digital equity programs.

The role of state leadership in cybersecurity

State and local governments and their nonprofit partners play a crucial role in leading cybersecurity efforts. While federal organizations like the Cybersecurity and Infrastructure Security Agency (CISA) provide overarching frameworks and guidance, state-level initiatives are needed to ensure that communities are adequately prepared for the risks associated with increased connectivity.

Here’s how state governments can take the lead:

• Develop comprehensive cybersecurity programs: States should establish and finance cybersecurity education programs tailored for new broadband users. These programs can be provided through libraries, schools, and community centers and be accessible to all via virtual formats.
• Provide accessible resources: Governments can collaborate with organizations to provide free or discounted cybersecurity tools, such as antivirus software, password managers, and VPN services, to ensure that individuals with limited resources can safeguard themselves.
• Partner with internet service providers (ISPs): ISPs play a vital role in providing secure connections. States can collaborate with ISPs to ensure that cybersecurity information is offered to new broadband users, particularly those unfamiliar with online risks.
• Incentivize participation in cybersecurity training: Governments can incentivize individuals to complete cybersecurity training programs by offering discounted internet services or access to additional digital resources for participants.
• Public awareness campaigns: Organizations can initiate cybersecurity awareness campaigns targeting newly connected communities to educate them about online threats. These campaigns may include public service announcements, social media campaigns, and collaborations with local influencers to reach wider audiences.

Conclusion: The secure path forward

The BEAD program represents a tremendous opportunity to close the Digital Divide and bring millions of Americans online. However, with this new connectivity comes increased responsibility, particularly from state governments and large nonprofits.

Cybersecurity must be at the forefront of any digital literacy effort, ensuring newly connected users are protected. By integrating cybersecurity training into digital equity programs, states can play a critical role in preparing new broadband users for the connected online world.

From recognizing phishing emails to creating strong passwords, cybersecurity training can empower individuals to protect themselves and their communities from the internet’s darker side. The path to true digital equity isn’t just about access to the Internet; it is about ensuring that everyone, regardless of their background, income, or community size, can navigate the online world securely.