In 2021 alone, cybercrime attacks are expected to cost $6 trillion worldwide, and by 2025, they’re expected to reach $10 trillion. The financial impacts are more than any organization or its victims can bear. But, you can work to prevent it and minimize the potential damages. It starts with your own employees as your first line of defense. Each October is National Cyber Security Awareness Month to emphasize the importance of being cyber-aware—both in the workplace and in our personal lives. Although this event lasts just one month, the impact keeps going all year long.
Keep reading to learn what Cyber Security Awareness Month is, why it’s important, and what you can do to have a successful event with your employees.
What is National Cyber Security Awareness Month
National Cyber Security Awareness Month takes place each October to help individuals stay safe online. The concept of this annual campaign was a concerted effort between the National Cyber Security Division of the US Department of Homeland Security and the National Cyber Security Alliance.
This program started in October 2004 and has become more comprehensive each year in bringing greater awareness and education to the population about cyber threats and safe online practices.
Why National Cyber Security Awareness Month is important
Technology impacts our lives and livelihood every day. Whether we’re at home, at work, or on the go, many of us have access to a device that’s likely connected to a network. Having that on-the-go access requires a sense of shared responsibility for everyone to follow safety protocols while online. Here are a few more reasons being cyber-aware and honoring National Cyber Security Awareness Month are important:
- Cybercrime ransom rates are on the increase, with hackers getting savvier every time.
- It presents learning opportunities to change risky behaviors that could result in an attack.
- It enforces a cyber-aware culture by involving everyone in activities that emphasize your company’s security controls and policies.
Besides, humans present the biggest vulnerability for cyberattacks, so we need to prepare them by teaching them safe cyber security practices.
Your essential toolkit for National Cyber Security Awareness Month
To carry out a successful Cyber Security Awareness Month year after year, follow these eight best practices.
1. Create a Cyber Security Awareness Month campaign
Most people appreciate the importance of cyber security. But if you don’t work directly in this area, it’s easy to forget about it on a daily basis. That’s where a cyber security awareness campaign can help bring everyone back on track with your security policies and goals. When it comes to Cyber Security Awareness Month, create a month-long internal campaign that incorporates these objectives:
- Outline your company’s goals.
- Include input from your security teams about risky behaviors they’d like to focus on changing.
- Reinforce the National Cyber Security Awareness Month theme for the year, which is “Do Your Part. #BeCyberSmart.” for 2021.
- Create a different focus for each week.
Creating your campaign is just the start. The next several practices outline how to further invest in and strengthen your campaign.
2. Focus on the major risks to your business
National Cyber Security Awareness Month is an opportunity for introspection on the security risks to your organization. As you prepare cyber security education activities for your employees, begin by considering the major risks your organization faces, such as the following common threats:
- Phishing: These attacks are disguised as legitimate, albeit fraudulent, emails or other communications to trick employees into downloading files or transferring money to gain access to sensitive information.
- Malware: These attacks come from software or online pop-ups with the intent of creating harm. They can exfiltrate information or encrypt vital files that the hackers then charge a premium to unlock. Malware includes ransomware and other computer viruses.
- Poorly secured Wi-Fi and cellular systems: Wi-Fi and cellular infrastructure that isn’t properly secured also present an open door for attackers to break into. This risk is even greater when your company has employees who work from home or other remote locations.
- Poor password and “secrets” security: Poor passwords are ones that are easily guessed or shared, leaving your organization and employees wide open to a hacker anxiously standing by. You never know who among your employees might have a password that makes one of many lists of most hacked passwords each year. Hopefully, you never do. When it comes to software development, good “secrets” hygiene” is just as important, which is why you want to make sure to properly protect your secrets from turning into data leaks.
It takes only one employee to make a mistake that places the entire organization at risk for a security breach. Make sure to cover these common risks and any others that your organization might be subject to.
3. Create a series of cyber security events
In addition to education, National Cyber Security Awareness month is about engaging your employees through various events. For starters, create a topic for each week. You might even use the same focus areas as the Nation Cyber Security Alliance and build activities around them.
For example, in week 1, you might focus on cyber hygiene and keeping your information safe. Around this theme, you might create mini-training sessions with a different lesson each day. You might also sponsor a brown-bag lecture series with special guests as speakers. You can even provide lunch! Of course, include games and prizes around the week’s theme for greater employee engagement.
4. Make cyber security fun with games and prizes
Cyber security is a serious topic, but it doesn’t have to be boring. Make Cyber Security Awareness Month fun by providing fun activities and incentives. For example, create a week-long scavenger hunt or host a cyber-related Jeopardy! tournament between departments. Create a cyber escape room or simulated phishing attacks where employees have to solve the same challenges cyber security experts face every day. Consider offering other games to test your employees’ cyber awareness knowledge. You can even gamify the entire month by offering prizes and other rewards for participation and engagement to see which employee or department is the most cyber-savvy.
5. Make cyber security personal
Everyone plays an important role in cyber security both at work and away from it. That is, each employee must take responsibility to protect their own information and secure their own devices. That starts with reminding employees what they can do to keep themselves safe. Here are some examples:
- Create long, unique passwords at least 12-characters long that combine upper and lowercase letters, numbers, and symbols.
- Use two-factor or multi-factor authentication whenever it’s offered.
- Don’t click untrusted links in emails, texts, or social media posts or messages that you weren’t expecting.
- Install software updates regularly to protect devices and information.
- Perform regular backups of your work to make it faster to restore your data in case of an attack.
- Monitor online presence in social media by being aware of what personal details you might be disclosing and to whom. Regularly review privacy and security settings for social media accounts.
By reminding employees to regularly practice these basics, you create greater awareness about how important cyber security is at the personal level.
6. Share stories and laughs
Laughter and cyber security don’t typically go together. But several amusing cyber security stories are worth the laugh and the lesson they share.
Curate a selection of head-shaking, gut-busting cybersecurity-related videos around your weekly focus topics. For example, in one such video from Jimmy Kimmel Live, people willingly give up their real-life passwords on live television—not to mention the video left on the internet for everyone to watch. Or in this BuzzFeed video, people are surprised how much information strangers can gather just by looking at their social media accounts.
You might even have employees share their worst security-related stories. Invite them to submit their stories anonymously and have everyone vote for the best-of-the-worst one.
7. Communicate, communicate, communicate
In the weeks and days that lead up to Cyber Security Awareness Month and during the month itself, spread your cyber security awareness message to all your employees. Sure, you can send a company-wide email, but get creative. Here are a few examples:
- Hold a company-wide kick-off event that includes a drawing for company swag or even an extra day of vacation as an incentive to attend.
- Post short, creative messages daily on Slack and company intranet sites.
- Create an external campaign to share with your customers and stakeholders how your company practices cyber security awareness.
- Give employees cyber security awareness swag for them to keep near their workstations as a daily reminder to practice staying cyber-safe.
- Create a social employee advocacy plan to push awareness internally, but also demonstrate your core values externally.
Do your best to draw everyone’s attention to the topic and keep them interested.
8. Measure your campaign success
To measure the success of your campaign, ask your employees for feedback. They can tell you what worked, what didn’t work, where improvements could be made, and give ideas for future events. Also, work with your security team to identify metrics and trends after Cyber Security Awareness Month that might help measure the impact of the month’s events.
Keep National Cyber Security Awareness Month going all year long
For this year’s Cyber Security Awareness Month, follow these best practices to engage your employees in cyber security education for the whole month. But cyber security awareness doesn’t end when the month is over. It lasts all year long when you deliver continuous cyber security awareness bites right in your employees’ workflow. By regularly providing cyber security training in bite-sized chunks, your employees make cyber security a priority that keeps them and your company safe online and better prepared to prevent an attack.