5 Ways to Maximize Cybersecurity Awareness Month

In just three days, we’ll be kicking off the 20th anniversary of Cybersecurity Awareness Month. For two decades, October has been the time of year when organizations assess their cybersecurity practices and identify areas for improvement.

I’ve always felt that October is the perfect month to focus on cybersecurity awareness. Spooky decorations with monsters and goblins are everywhere you go, acting as reminders of the sinister cyber threats lurking in your cloud environment.

While cybersecurity awareness should, of course, be an ongoing initiative, October presents a unique opportunity for security leaders to emphasize the behaviors, tools, and resources that can help employees support the security of the organization year-round.

In this article, I’ll share a few ways you can maximize the impact of Cybersecurity Awareness Month in 2023.

This month is your chance to highlight the importance of cybersecurity awareness and how being security-savvy protects both the organization and its employees. Cybersecurity Awareness Month is also an opportunity to leverage the marketing and corporate communications team to add their creativity and expertise to get the message out to your audience.

I recognize that finding the right activities to share the message can be difficult—especially with remote teams. Here are some ideas from my experience as CISO, and some of my plans for promoting cybersecurity awareness here at Abnormal.

1. Underscore the Personal Value

Would-be scammers target people and businesses, so any advice should encompass both the personal and the company context. An employee who becomes a victim of identity theft or extortion is a distracted employee, and ultimately a potential risk to the organization.

Teaching employees how to keep their kids safe online or fine-tune their social media accounts to protect their privacy can be beneficial, and my experience has been that employees are appreciative that we care about their safety. Plus, cybercriminals look at personal accounts to access professional ones, often hoping that people will use the same password across websites. Make it personal, and they’re more likely to participate.

2. Make It Memorable

The impact of cybercrime can be sobering, but the best way for humans to retain information is by keeping it concise and memorable, and including humor. The most impactful training material consists of a few self-deprecating one-liners.

Fun stickers that include slogans or reminders for employees to lock their screens or use complex passwords keep the concept front and center as a ready reminder. You can send these out in early October as a way to celebrate the month.

3. Keep It Fun

Gamification, competition, and giveaways get people more involved than making them watch boring role-training videos.

Using a game like BINGO or a scavenger hunt that forces employees to dig into the security documentation to find policies like the minimum password character requirement gets them beyond the quick skim. You can also use online phishing quizzes or remote games like Kahoot to encourage participation. Rewarding participants with prizes will continue to reinforce good habits long after the month is over.

Our Cybersecurity Awareness Month Resource Kit features four different games to help make improving detection skills more entertaining. We also have a Human or ChatGPT? Quiz that allows employees to test how well they can tell the difference between human-generated malicious emails and AI-generated.

4. Include Guest Speakers

Your employees may be tired of hearing the same information from your team or the training videos through your security awareness platform.

Creating a Lunch and Learn event and inviting a guest speaker to attend is a fun way to engage your employees, and provides a new opportunity to reinforce the message. In the past, I’ve had members of the FBI speak, and security vendors are always willing to speak about security trends and how employees can protect themselves.

5. Start a Year-Long Program

Determine which activities inspire the most awareness and participation, and use that information to create a year-long training calendar. Continue to keep cybersecurity top of mind with new activities, which can be particularly helpful as new people join your team.

Create a Cybersecurity Happy Hour, ask security professionals to speak at a Lunch and Learn once a month, or ask employees to spend 30 minutes each month on a quick activity to keep the momentum. This month is your chance to get people excited so they continue to think about cybersecurity throughout the rest of the year.

Email attacks are becoming increasingly difficult to detect, especially as more cybercriminals begin to weaponize generative AI to craft unique and personalized messages that no longer include the telltale grammar and syntax mistakes of the past.

To combat the malicious applications of generative AI, it’s crucial for organizations to continually foster an environment of awareness and encourage employees to err on the side of “better safe than sorry”. Enterprises must also develop and implement robust defenses, enhance detection capabilities, and stay vigilant to emerging threats—before they become the next victim of an AI-generated attack.

Our CISO Guide to Generative AI Attacks can help you better understand the threat of AI-generated cyberattacks, which will enable you to craft more effective security awareness training programs.

As has been the case for most of this year, October will fly by quickly, and everyone will move on from Cybersecurity Awareness Month. If you are responsible for your company's cybersecurity program, make sure you take full advantage of the momentum that October can bring to keep your employees engaged and cyber-focused throughout the year.

Continue to look for unique ways to interact and try to find fun, bite-sized ways to keep attention on protecting employees and the company. After all, cybercriminals are hard at work the entire year—and you should be too.

Our Cybersecurity Awareness Month Resource Kit makes security education more engaging. Download the kit to take your awareness training to the next level.