Have you heard the famous slogan, “A dog is for life, not just for Christmas”? This catchphrase was coined by a UK charity called Dogs Trust to underscore the long-term responsibility that comes with owning a furry companion. In similar fashion, while October has been designated as Cybersecurity Awareness Month globally, fostering an effective cybersecurity culture in your organization goes beyond recognizing it in this particular month – it necessitates unwavering dedication comparable to taking care of our four-legged friends!
It’s fantastic that cybersecurity gets highlighted in October with exciting events and informative webinars hosted by industry professionals, not forgetting the numerous social media posts on password safety. But what happens after the month is over?
This article will present a checklist of cybersecurity awareness activities that can be carried out after October on an annual basis, enabling you to establish genuine cyber protection practices within your company.
Once Cybersecurity Awareness Month is over, take the following steps:
Conduct a post-mortem survey
Start by asking your colleagues which topics they would like to know more about. Send out surveys and seek feedback on their experience during the month-long campaign: what worked best for them? What didn’t work as expected? The most crucial question here should be – “What do people want to learn next?” You may come across new demands, skills or knowledge that you need internally in order not to lose the momentum of these important awareness activities.
Make the most of individuals’ inclination to enhance their skills. Following Cybersecurity Awareness Month, I have frequently observed an increased demand from employees in departments outside of IT for comprehensive training sessions on topics pertaining to them. For instance, a finance unit may want to gain further insight into Business Email Compromise (BEC) assaults and identify procedures that can augment their resilience against such threats. Utilize this chance as a means to ensure greater awareness leads to better security practices.
Draft an awareness plan for the next twelve months and educate others on how to put this knowledge into practice. Recent studies suggest that, while 50% of individuals adhere to five fundamental security practices, there remains much opportunity for progress in personal cybersecurity behavior (“Cybersecurity Attitudes and Behaviors” report by National Cybersecurity Alliance & CybSafe). An annual campaign advocating increased public awareness could be a worthwhile endeavor.
It should be noted that raising awareness alone is insufficient. Awareness training often receives criticism for being intimidating and overly theoretical, rather than offering practical guidance on enhancing individuals’ security practices. Therefore, it’s crucial to provide clear action-oriented measures in any awareness program.
To increase interest, it’s possible to relate the subject matter back to individuals. Cybersecurity gains higher involvement when you discuss its relevance in one’s personal life and their family’s safety. The good news is that practices used for self-protection at home have substantial use in safeguarding professional environments as well. To enhance productivity, instruct on practical measures applicable both domestically and professionally.
Template for yearly plan to raise awareness of cybersecurity
As a note, this template has been created with organizations in the northern hemisphere in mind. In case your summer break falls during January as opposed to July and August, don’t hesitate to modify the recommendations accordingly!
From November through December, shoppers are bombarded with irresistible bargains and unscrupulous vendors looking to exploit the festive season. Alerting individuals about these hazards can help maintain their online safety awareness. Remind them to be vigilant against phishing emails and scrutinize website credibility before making any purchases.
From January to February, tax season begins for the United States, Canada and many European countries. This period provides a perfect opportunity to educate people about various types of scams related to taxes, including impersonation schemes, refund frauds and phishing attempts.
The training will strengthen positive security practices such as being vigilant of ‘shings’ including phishing, smishing and vishing. Moreover, in areas where tax laws permit individuals to safeguard their tax accounts through PINs and passwords, the instruction can foster habits like selecting robust credentials and avoiding reusing them.
From March through April, a lot of individuals are focused on arranging their holidays. With the harsh winter still present in many areas, people seek to break away and enjoy some warmth or hit the slopes for a skiing experience. Additionally, numerous schools schedule spring breaks during this season, making it an ideal time for families to organize family trips.
This period is a favorable opportunity to increase awareness regarding prevalent holiday rental and hotel deceptions. This serves to strengthen the habit of verifying website authenticity for security purposes while reminding associates that being featured on a website does not necessarily indicate trustworthiness!
June marks the transition from spring to summer, and it’s a great time to motivate individuals to spruce up their passwords. It has been discovered that numerous people possess over ten crucial passwords; therefore, this period is perfect for reminding associates about observing proper security practices in managing these accounts. Colleagues can do this by:
Switching from passwords to passphrases for better security.
Ensuring that each one is unique.
Using a website such as Troy Hunt’s Have I Been Pwned to verify whether their email has been subject to any data breaches.
Activating Multi-Factor Authentication (MFA) for the website or application, if provided.
From the month of July to August, as we kick off the summer vacation period, let us concentrate on enlightening individuals about how crucial it is to update their devices. One way to approach this topic would be using a somewhat cheesy yet effective metaphor that highlights the necessity for (digital) rejuvenation after working hard just like individuals need revitalization from exhaustion and strain; updates provide precisely that – a chance at rejuvenation with software upgrades.
As IoT devices become more prevalent in homes, it’s essential to educate homeowners about the importance of securing their properties when they’re away. One effective method is by encouraging them to update their cameras and lights regularly. It’s vital that the device software is kept up-to-date automatically where possible, but there should also be emphasis on changing default passwords frequently as a precautionary measure.
Discussing work devices is important. Clarify why updating them regularly is crucial and emphasize the necessary security measures, like avoiding delays in updates.
In September, prioritize one of the lesser security behaviors by emphasizing the backing up of essential data. Encourage your coworkers to reflect upon all the family event photographs captured in the past year and imagine their reactions if they were lost!
This month’s security focus emphasizes the importance of backing up items that are important to your colleagues, and how effortless it is to utilize cloud backup. One can compare the routine backup procedures at work with the lack thereof in home systems belonging to coworkers.
It’s October already, which means it’s Cybersecurity Awareness Month again! Take advantage of the hype this time brings and commence preparation for your next year-long cybersecurity education efforts. While creating a plan, keep in mind that Pluralsight offers an excellent range of content from renowned authors to introduce diversity into your scheme – you need not start everything right from scratch.
It’s important not to limit Cybersecurity Awareness only among your coworkers. When creating your yearly awareness plan, bear in mind that there are two additional groups you need to include: executives or non-executive managers, and the supply chain.
Non-executive management often gets left out of awareness programs, whether for historical reasons or simply out of reluctance to engage with them, and that can be a mistake. It’s important not to overlook this demographic!
Ensure their inclusion in your awareness initiatives as non-executive management is being increasingly held to a higher standard of cybersecurity expertise by regulators. Moreover, consider requesting permission to briefly attend one of their gatherings and inquire about the type of cybersecurity instruction they require – an excellent suggestion indeed.
Including your third-party supply chain in your cybersecurity awareness may appear unusual, but it is a growing trend. Some organizations seek to collaborate with smaller suppliers that lack adequate cybersecurity maturity. Therefore, they are raising inquiries such as:
What additional services can the awareness team provide in conjunction with the conventional third-party risk management program?
Is it possible to impart the organization’s awareness training to the supplier in order for them to enhance their workforce’s security culture?
Can the supplier benefit from utilizing resources provided by either the Cyber Readiness Institute or the Global Cyber Alliance on an organizational level?
The key takeaway is to take action on cybersecurity awareness consistently throughout the year. It’s important to make sure your awareness initiatives are tailored and actionable for your audience instead of limiting them within a yearly period. By using the aforementioned framework and modifying it as necessary, you can begin encouraging positive security behaviors in your organization and truly instill a culture of cybersecurity, ultimately reducing risks at every level.
To put it differently, “Cybersecurity is a continual effort and not limited to Cybersecurity Awareness Month alone.”