Online Safety and the Relationship with Cybersecurity
This post gives an overview of the relationship between online safety and cybersecurity. It will hopefully give an idea of how they work together, how they differ and how they complement each other.
Online safety refers to the act of staying safe online. It is also commonly known as internet safety, e-safety and cyber safety. It encompasses all technological devices which have access to the internet, from PCs and laptops to smartphones and tablets. Being safe online means individuals are protecting themselves and others from online harms and risks which may jeopardise their personal information, lead to unsafe communications or even affect their mental health and wellbeing.
In English, we have different words for safety and security, and their use and meaning often differ by context. Depending on the context, 'safety' in English can mean being secure, and 'security' can refer to being safe. French, for example, uses the same word for both, 'sécurité', so the meaning is context-dependent. At times this may cause issues when you are discussing problems that overlap, or conveying requirements to be met in different countries. It can also cause issues in standards writing: even though the vast majority of standards documents are written and published in English, the contributors are often drawn from different countries and will not necessarily have English as a first language. Agreeing on text whose meaning and context everyone is happy with can therefore sometimes take a while.
Safety and security are terms that are associated with the protection of a person, organisation, and assets against external threats or incidents that are likely to cause harm. Security is generally focused on ensuring that external factors do not cause trouble or unwelcome situations for the organisation, individuals, and assets, while safety is the feeling of being protected from the factors that cause harm.
A key difference is that the feeling of being safe is often an emotional aspect, while security has to do with the physical aspect. An individual feels safe when they are embraced by their loved ones, which means that their emotional safety has been taken care of. Security, on the other hand, comes with physical aspects like tall walls that protect an individual from external threats. It is important to note that security is mostly an external affair while safety is an internal aspect. People looking for security ensure that they are highly protected against external factors that are likely to harm them. On the other hand, an individual within the organisation might cause a feeling of lacking safety, or a party might make themselves not feel safe.
The other notable difference between security and safety is that security is the protection against deliberate threats, while safety is the aspect of being secure against unintended threats. People and assets are usually protected against deliberate threats caused by malicious actors who intend to sabotage the operations of the company, steal the organisation's resources, or harm an individual. Safety measures for a person, on the other hand, are mostly put in place so that they can be protected against unintended accidents. For example, individuals are required to wear safety clothing in an organisation that deals with chemicals so that they can be protected against accidents.
Discussion of online safety often focuses mainly on individuals' own choices, but it applies equally to companies implementing online safety measures for their customers and to how those same companies protect their employees.
Resources and Guides
For examples of online safety and cybersecurity resources, the UK NCSC and the Gov.UK online safety pages are a couple of good places to start. Other resources are available.
Shopping online securely (https://www.ncsc.gov.uk/guidance/shopping-online-securely)
This gives best-practice advice on how to stay safe, and also explains what type of cybersecurity steps you should take, along with advice if something goes wrong.
Online gaming for families and individuals (https://www.ncsc.gov.uk/guidance/online-gaming-for-families-and-individuals)
This gives best-practice advice on securing devices, account protection and privacy protection, and a reminder of why it is usually best to use official stores or sources. It also provides resources on protecting younger players from harms ranging from cyberbullying and excessive time spent playing games to unscrupulous game designs which encourage children to pay for content.
Online Safety - Guidance and Regulation (https://www.gov.uk/search/guidance-and-regulation?page=1&parent=%2Fsociety-and-culture%2Fonline-safety&topic=ecc8978c-cc6b-463e-a3d5-d5428c3e9f7d)
While more geared to organisations than individuals, there is useful information and guidance on online safety to be found here, though some of it does cover dark topics, so I would recommend taking time to read through it.
Overlap between Safety and Security
Access control could be considered the main overlap, since it is about preventing unauthorised access by a malicious actor so that they cannot cause harm. For example, in preventing cyberbullying or harassment, systems that block malicious actors and limit their ability to regain access through alternative personas prevent them from causing harm.
Behaviour and awareness
In cybersecurity, this would fall under the area of human factors, and in online safety it is about educating people. It is vital in ensuring consumers know how to stay safe online, but it often also involves understanding what types of cybersecurity steps they should take, along with recognising different types of cyberattacks. This also applies to employees within companies: humans are often described as the weakest link in cybersecurity, so measures which ensure awareness and secure behaviour are essential.
The principle of 'Secure by design/default', which embeds cybersecurity within a product or service from the start instead of adding it on near or at the end of the design process, is key to ensuring vulnerabilities can be minimised from the start of a product's or service's life cycle. Minimising vulnerabilities can make it difficult for malicious actors to exploit a device or service against the user, thus keeping them safe from potential harm.
The motivation to ensure and improve online safety is being pushed in new and upcoming laws and regulations, for example the draft 'Online Safety Bill' in the UK. Other countries are looking at similar legislation, but they have different motivations and goals concerning online safety, simply due to different cultural views of what safety means.
If individuals and companies are already following cybersecurity and privacy best practices, they will already go a long way to ensuring online safety. But that is not an excuse to ignore online safety, as assuming that by following 'A' you also cover 'B' doesn't always work.
There is potential in how standards bodies provide support and guidance for online safety, but it is not necessarily always a technical problem. Online safety tends to be more of an education and awareness problem, so it would fall under human factors. That said, the ETSI TC Cyber group have Usability and User behaviour on their long-term Roadmap, so online safety is within their area of work.