Katja Dörlemann works for SWITCH as a Security Awareness Specialist. In this interview, she explains how she manages to present technically complex security topics in an accessible way in order to raise awareness of internet security among various groups.
Katja Dörlemann: The main task of SWITCH-CERT is to identify and report internet security incidents. This is how we protect Swiss universities, owners of .ch and .li domains, Swiss banks and the entire Swiss internet community. In other words, we identify and document websites that are sources of malware, phishing or that list false information about the domain owner. It is these sites in particular which are often used for fraudulent purposes, because it is impossible to determine who is actually behind them. This year alone, SWITCH has cooperated with the relevant authorities to remove 5,000 fraudulent websites listing false information about their owners, thus protecting a great many internet users against financial losses. SWITCH also helps to prevent attacks by offering services such as its DNS firewall. Should an incident occur despite all of this, the SWITCH-CERT team is prepared and ready to find a solution as quickly as possible.
SWITCH-CERT is one of the few certified CERTs and enjoys an excellent international reputation. We’ve maintained our solid connections in the industry for more than 20 years to ensure we’re always up to speed in the area of internet operations. SWITCH is in charge of Switzerland’s FORS research network and functions as a CERT in Switzerland. This means that SWITCH has a comprehensive, first-hand overview of the Swiss internet landscape and its risks.
Katja Dörlemann: Making the Swiss internet even more secure requires not only taking effective IT security measures, but also ensuring internet users have the required skills. After all, the best security technology is worth nothing if people don’t use it or understand how it works. The challenge is to take highly technical expertise and present it in a way that is accessible to the average user.
There is often a huge discrepancy between the demands of security experts and the needs of the end user – not to mention their communication styles. You really could say that they speak different languages. This is where I come in as an interlocutor, or translator. As a writer with an interest in technology, I understand both sides and appreciate their differing needs.
So I take technical information about things like phishing and try to distil it in texts offering practical information geared towards less tech-savvy individuals. Here it’s not only the content itself that’s important, but also how it’s presented. Appealing design, a nice text layout, and a selection of different media help to disseminate the information effectively so that it has a lasting impact.
"There is often a huge discrepancy between the demands of security experts and the needs of the end user. You really could say that they speak different languages. This is where I come in as an interlocutor, or translator."
Ultimately, the goal is to get internet users and domain owners on board. But obviously they’re not responsible for keeping up with every single security issue at all times – that’s where SWITCH-CERT comes in. However, we do need them to contribute as well. Heedless web browsing and careless website management potentially put them and all other internet users at risk. Only when we work together can we make the internet safer.
Katja Dörlemann: My day-to-day work mainly involves cooperation and coordination in Switzerland, internationally, and here at SWITCH. It’s about communicating and collaborating with my team colleagues and other SWITCH departments, with the registrars, universities – and, of course, with other awareness specialists. I search for new ways to communicate topics relating to internet security in an effective and appealing way. I also look for good practice approaches. This involves networking with experts internationally in the areas of cybercrime and awareness. When preparing a new plan of action, I create the content with input from my team colleagues and work closely with our marketing department on the graphic design aspects and production. Awareness is definitely an interdisciplinary topic. This adds variety to my workday and makes it exciting.
Katja Dörlemann: All internet users, registrars, as well as all .ch and .li owners benefit from the information we provide. If we can help registrars and hosting companies draw their customers’ attention to internet security risks and convince them to implement some basic security measures, this reduces the level of support needed, among other things. A secure website doesn’t spread malware and won’t fall prey to phishing attacks – and that in turn protects all other websites and internet users.
"All internet users, registrars, as well as all .ch and .li owners benefit from the information we provide. A secure website doesn’t spread malware and won’t fall prey to phishing attacks – and that in turn protects all other websites and internet users."
Katja Dörlemann: SWITCH uses many different avenues to inform domain owners and internet users about internet security risks. For example, the foundation serves as a distribution platform for its network of universities, registrars, web hosting companies and other organisations, such as the Swiss Internet Security Alliance. Through universities we aim to reach both students and employees, and through registrars and web hosting companies we reach domain owners and web agencies.
Another platform is the Swiss Web Security Day, which was held this year for the first time and was geared mainly towards providers of web hosting services. Experts from Switzerland and around the globe gave spoke to attendees about current security issues. They also had the opportunity to share their knowledge and experiences with each other.
SWITCH’s Safer Internet programme offers content and a medium for communicating important information to domain owners. Further awareness campaigns that are based on this programme are planned for the coming year, specifically aimed at promoting communication between registrars and domain owners.
SWITCH provides customers and other interested parties the latest security-related information in its newsletter, Security Blog, Twitter and via email lists. We’re also eager to promote the sharing of our own content and communications products as well as those of our customers and partners. We can also help with creating new materials.
Katja Dörlemann: Right now I’m very involved in the STOP.THINK.CONNECT work group. The international campaign is organised in Switzerland by the Swiss Internet Security Alliance (SISA) and collaborates each year in October for European Cyber Security Month. This year we’ve organized a campaign in Switzerland to address the topic of phishing. SWITCH was in charge of the production and shipping of the posters, flyers, stickers and umbrellas. I’m currently still in the process of collecting and reviewing the feedback I’ve received.
I’m also looking to see which international exchange platforms are suitable in my area of focus for Switzerland and for SWITCH. Right now I’m also trying to integrate security awareness into SWITCH’s existing platforms.
But I’m mainly working on the plan of action for next year. Detailed organisation is required to ensure that everything runs smoothly and on schedule, that all stakeholders are taken into account and that the criteria for collaboration are met. This means I still have to collect information from many different sources.
Meanwhile, I’m still trying to learn the names and faces of all my friendly colleagues (laughs).