Essential Toolkit for National Cyber Security Awareness Month

By Daniella Balaban
image September 22, 2021 image 6 MIN READ

In 2021 alone, cybercrime attacks are expected to cost $6 trillion worldwide, and by 2025, they’re expected to reach $10 trillion. The financial impacts are more than any organization or its victims can bear. But, you can work to prevent it and minimize the potential damages. It starts with your own employees as your first line of defense. Each October is National Cyber Security Awareness Month to emphasize the importance of being cyber-aware—both in the workplace and in our personal lives. Although this event lasts just one month, the impact keeps going all year long. 

Keep reading to learn what Cyber Security Awareness Month is, why it’s important, and what you can do to have a successful event with your employees.

What is National Cyber Security Awareness Month

National Cyber Security Awareness Month takes place each October to help individuals stay safe online. The concept of this annual campaign was a concerted effort between the National Cyber Security Division of the US Department of Homeland Security and the National Cyber Security Alliance.

This program started in October 2004 and has become more comprehensive each year in bringing greater awareness and education to the population about cyber threats and safe online practices.

Why National Cyber Security Awareness Month is important

Essential Toolkit for National Cybersecurity Awareness Month Technology impacts our lives and livelihood every day. Whether we’re at home, at work, or on the go, many of us have access to a device that’s likely connected to a network. Having that on-the-go access requires a sense of shared responsibility for everyone to follow safety protocols while online. Here are a few more reasons being cyber-aware and honoring National Cyber Security Awareness Month are important:

Besides, humans present the biggest vulnerability for cyberattacks, so we need to prepare them by teaching them safe cyber security practices.

Your essential toolkit for National Cyber Security Awareness Month

To carry out a successful Cyber Security Awareness Month year after year, follow these eight best practices.

1. Create a Cyber Security Awareness Month campaign

Most people appreciate the importance of cyber security. But if you don’t work directly in this area, it’s easy to forget about it on a daily basis. That’s where a cyber security awareness campaign can help bring everyone back on track with your security policies and goals. When it comes to Cyber Security Awareness Month, create a month-long internal campaign that incorporates these objectives:

  1. Outline your company’s goals.
  2. Include input from your security teams about risky behaviors they’d like to focus on changing.
  3. Reinforce the National Cyber Security Awareness Month theme for the year, which is “Do Your Part. #BeCyberSmart.” for 2021.
  4. Create a different focus for each week.

Creating your campaign is just the start. The next several practices outline how to further invest in and strengthen your campaign. 

2. Focus on the major risks to your business

Focus on the major risks to your business National Cyber Security Awareness Month is an opportunity for introspection on the security risks to your organization. As you prepare cyber security education activities for your employees, begin by considering the major risks your organization faces, such as the following common threats:

It takes only one employee to make a mistake that places the entire organization at risk for a security breach. Make sure to cover these common risks and any others that your organization might be subject to.

3. Create a series of cyber security events

In addition to education, National Cyber Security Awareness month is about engaging your employees through various events. For starters, create a topic for each week. You might even use the same focus areas as the Nation Cyber Security Alliance and build activities around them. 

For example, in week 1, you might focus on cyber hygiene and keeping your information safe. Around this theme, you might create mini-training sessions with a different lesson each day. You might also sponsor a brown-bag lecture series with special guests as speakers. You can even provide lunch! Of course, include games and prizes around the week’s theme for greater employee engagement.

4. Make cyber security fun with games and prizes

Cyber security is a serious topic, but it doesn’t have to be boring. Make Cyber Security Awareness Month fun by providing fun activities and incentives. For example, create a week-long scavenger hunt or host a cyber-related Jeopardy! tournament between departments. Create a cyber escape room or simulated phishing attacks where employees have to solve the same challenges cyber security experts face every day. Consider offering other games to test your employees’ cyber awareness knowledge. You can even gamify the entire month by offering prizes and other rewards for participation and engagement to see which employee or department is the most cyber-savvy.

5. Make cyber security personal

Everyone plays an important role in cyber security both at work and away from it. That is, each employee must take responsibility to protect their own information and secure their own devices. That starts with reminding employees what they can do to keep themselves safe. Here are some examples:

By reminding employees to regularly practice these basics, you create greater awareness about how important cyber security is at the personal level.

6. Share stories and laughs

Laughter and cyber security don’t typically go together. But several amusing cyber security stories are worth the laugh and the lesson they share. 

Why National Cybersecurity Awareness Month is important Curate a selection of head-shaking, gut-busting cybersecurity-related videos around your weekly focus topics. For example, in one such video from Jimmy Kimmel Live, people willingly give up their real-life passwords on live television—not to mention the video left on the internet for everyone to watch. Or in this BuzzFeed video, people are surprised how much information strangers can gather just by looking at their social media accounts.

You might even have employees share their worst security-related stories. Invite them to submit their stories anonymously and have everyone vote for the best-of-the-worst one.

7. Communicate, communicate, communicate

In the weeks and days that lead up to Cyber Security Awareness Month and during the month itself, spread your cyber security awareness message to all your employees. Sure, you can send a company-wide email, but get creative. Here are a few examples:

Do your best to draw everyone’s attention to the topic and keep them interested.

8. Measure your campaign success

To measure the success of your campaign, ask your employees for feedback. They can tell you what worked, what didn’t work, where improvements could be made, and give ideas for future events. Also, work with your security team to identify metrics and trends after Cyber Security Awareness Month that might help measure the impact of the month’s events.

Keep National Cyber Security Awareness Month going all year long

For this year’s Cyber Security Awareness Month, follow these best practices to engage your employees in cyber security education for the whole month. But cyber security awareness doesn’t end when the month is over. It lasts all year long when you deliver continuous cyber security awareness bites right in your employees’ workflow. By regularly providing cyber security training in bite-sized chunks, your employees make cyber security a priority that keeps them and your company safe online and better prepared to prevent an attack.