Kill the Catch Phrase

Deloitte pushed out a press release Tuesday on recently being named the "best iconic and overall structure" winner for the 2010 National Cybersecurity Awareness Challenge. But is it newsworthy?

From a visceral angle, it is not. Deloitte's "Think Before You Click" campaign may have edged out 80 other proposals, but no matter how much thinking a user does, it probably won't result in measurably improved security.

We all love a good catch phrase; "click it or ticket" comes to mind. But for a catch phrase to truly work, it has to work. If you drive without wearing a seat belt, a police officer sees you, it's going to cost you. But if you think before clicking a well-manicured and malicious e-mail, it's not always going to stop you from clicking. It's also not going to save your valuable information from being accessed by attackers.

I know the campaign is about much more than using a little self-awareness while computing. But the catch phrase doesn't work for me. It leads users to believe they can protect themselves in a protectionless system. I think we ought to be preaching the truth behind cybersecurity, and the relatively insecure reality that accompanies it.

Catch phrases only muddle the inadequacies, and the very serious changes that must be made to protect all users. If the catch phrase was aimed at a body of individuals that already have some security direction (i.e. federal workforce) it might be more appropriate. But for now, I say, kill the catch phrase.