How CISOs Can Take Advantage of Cybersecurity Awareness Month

October 6, 2021

It’s time to turn the page on the calendar, and we are finally in October—the one month of the year when the spooky becomes reality. October is a unique juncture in the year as most companies are making the mad dash to year-end, and employees are starting to gear up for the next year, setting new goals and planning sales kickoffs. But for those in the cybersecurity field, October is that magical month where the spotlight turns to cybersecurity as we take part in Cybersecurity Awareness Month.

Celebrating Cybersecurity Awareness Month

This month is an opportunity to highlight the importance of cybersecurity awareness, the profession itself, and how being security-savvy protects both the organization and the employees themselves. Cybersecurity Awareness Month is also an opportunity to leverage the marketing and corporate communications team to add their creativity and expertise to get the message out to your audience.

Finding the right activities to share the message can be difficult though, especially as teams stay remote as a result of the pandemic. Here are some ideas from my past experience as CISO, and some of my plans for promoting cybersecurity awareness here at Abnormal.

  1. Underscore the Personal Value. Would-be scammers target people and businesses, so any advice should encompass both personal and company context. An employee that becomes a victim of identity theft or extortion is a distracted employee, and ultimately a potential risk to the organization. Teaching employees how to keep their kids safe online or fine-tuning their social media accounts to protect their privacy can be beneficial, and my experience has been that employees are appreciative that we care about their personal safety. Make it personal, and they’re more likely to participate.

  2. Make It Memorable. The impact of cybercrime can be sobering, but the best way for humans to retain information is by keeping it concise, memorable, and including humor. The most impactful training material consists of a few self-deprecating one-liners. Fun stickers that include slogans or reminders for employees to lock their screen or use complex passwords keeps the concept front and center as a ready reminder. You can send these out in early October as a way to celebrate the month.

  3. Keep It Fun. Gamification, competition, and giveaways get people involved deeper than making them watch boring role training videos. Using a game like BINGO or a scavenger hunt that forces employees to dig into the security documentation to find policies like the minimum password character requirement gets them beyond the quick skim. You can also use online quizzes or remote games like Kahoot to encourage participation. Rewarding participants with prizes like a year-long subscription for a password manager or a high-quality webcam cover will continue to reinforce good habits long after the month is over.

  4. Include Guest Speakers. Your employees may be tired of hearing the same information from your team, or from the training videos through your security awareness platform. Creating a Lunch and Learn event and inviting a guest speaker to attend is a fun way to engage your employees, and provides a new opportunity to reinforce the message. In the past, I’ve had members of the FBI speak, and security vendors are always willing to speak about security trends and how employees can protect themselves.

  5. Start a Year-Long Program. Use this opportunity to see which activities inspire the most awareness and participation, and use that information to create a year-long calendar. Continue to keep cybersecurity top of mind with new activities, which can be particularly helpful as new people join your team. Create a Cybersecurity Happy Hour or ask security professionals to speak at a Lunch and Learn once a month, or ask employees to spend 30 minutes each month on a quick activity to keep the momentum. This month is your opportunity to get people excited so they continue to think about cybersecurity throughout the rest of the year.

As has been the case for most of this year, October will fly by quickly, and everyone will move on from Cybersecurity Awareness Month. If you are responsible for your company's cybersecurity program, make sure you take full advantage of the momentum that October can bring to keep your employees engaged and cyber-focused throughout the year.

Continue to look for unique ways to interact and try to find fun, bite-sized ways to keep attention on protecting employees and the company. After all, cybercriminals are hard at work the entire year—and you should be too.

Abnormal would love to help you celebrate Cybersecurity Awareness Month! If you’re looking for a guest speaker to discuss business email compromise and other email attacks, contact us today.

Previous
Email spoofing cover
Email spoofing is a common form of phishing attack designed to make the recipient believe that the message originates from a trusted source. A spoofed email is more than just a nuisance—it’s a malicious communication that poses a significant security threat.
Read More
Next
Ices announcement cover
Abnormal ICES offers all-in-one email security, delivering a precise approach to combat the full spectrum of email-borne threats. Powered by behavioral AI technology and deeply integrated with Microsoft 365...
Read More

Related Posts

B 10 15 21
With Detection 360, submission to threat containment just got 94% faster, making it incredibly easy for customers to submit false positives or missed attacks, and get real-time updates from Abnormal on investigation, conclusion, and remediation.
Read More
Extortion blog cover
Unfortunately, physically threatening extortion attempts sent via email continue to impact companies and public institutions when received—disrupting business, intimidating employees, and occasioning costly responses from public safety.
Read More
Blog engineering cybersecurity careers
Cybersecurity Careers Awareness Week is a great opportunity to explore key careers in information security, particularly as there are an estimated 3.1 million unfilled cybersecurity jobs. This disparity means that cybercriminals are taking advantage of the situation, sending more targeted attacks and seeing greater success each year.
Read More
Blog hiring cybersecurity leaders
As with every equation, there are always two sides and while it can be easy to blame users when they fall victim to scams and attacks, we also need to examine how we build and staff security teams.
Read More
Cover automated ato
With an increase in threat actor attention toward compromising accounts, Abnormal is focused on protecting our customers from this potentially high-profile threat. We are pleased to announce that our new Automated Account Takeover (ATO) Remediation functionality is available.
Read More
Email spoofing cover
Email spoofing is a common form of phishing attack designed to make the recipient believe that the message originates from a trusted source. A spoofed email is more than just a nuisance—it’s a malicious communication that poses a significant security threat.
Read More
Cover cybersecurity month kickoff
It’s time to turn the page on the calendar, and we are finally in October—the one month of the year when the spooky becomes reality. October is a unique juncture in the year as most companies are making the mad dash to year-end...
Read More
Ices announcement cover
Abnormal ICES offers all-in-one email security, delivering a precise approach to combat the full spectrum of email-borne threats. Powered by behavioral AI technology and deeply integrated with Microsoft 365...
Read More
Account takeover cover
Account takeovers are one of the biggest threats facing organizations of all sizes. They happen when cybercriminals gain legitimate login credentials and then use those credentials to send more attacks, acting like the person...
Read More
Blog podcast green cover
Many companies aspire to be customer-centric, but few find a way to operationalize customer-centricity into their team’s culture. As a 3x SaaS startup founder, most recently at Orum, and a veteran of Facebook and Palantir, Ayush Sood...
Read More
Blog attack atlassian cover
Credential phishing links are most commonly sent by email, and they typically lead to a website that is designed to look like common applications—most notably Microsoft Office 365, Google, Amazon, or other well-known...
Read More
Blog podcast purple cover
Working at hyper-growth startups usually means that unreasonable expectations will be thrust on individuals and teams. Demanding timelines, goals, and expectations can lead to high pressure, stress, accountability, and ultimately, extraordinary growth and achievements.
Read More