How CISOs Can Take Advantage of Cybersecurity Awareness Month

October 6, 2021

It’s time to turn the page on the calendar, and we are finally in October—the one month of the year when the spooky becomes reality. October is a unique juncture in the year as most companies are making the mad dash to year-end, and employees are starting to gear up for the next year, setting new goals and planning sales kickoffs. But for those in the cybersecurity field, October is that magical month where the spotlight turns to cybersecurity as we take part in Cybersecurity Awareness Month.

Celebrating Cybersecurity Awareness Month

This month is an opportunity to highlight the importance of cybersecurity awareness, the profession itself, and how being security-savvy protects both the organization and the employees themselves. Cybersecurity Awareness Month is also an opportunity to leverage the marketing and corporate communications team to add their creativity and expertise to get the message out to your audience.

Finding the right activities to share the message can be difficult though, especially as teams stay remote as a result of the pandemic. Here are some ideas from my past experience as CISO, and some of my plans for promoting cybersecurity awareness here at Abnormal.

  1. Underscore the Personal Value. Would-be scammers target people and businesses, so any advice should encompass both personal and company context. An employee that becomes a victim of identity theft or extortion is a distracted employee, and ultimately a potential risk to the organization. Teaching employees how to keep their kids safe online or fine-tuning their social media accounts to protect their privacy can be beneficial, and my experience has been that employees are appreciative that we care about their personal safety. Make it personal, and they’re more likely to participate.

  2. Make It Memorable. The impact of cybercrime can be sobering, but the best way for humans to retain information is by keeping it concise, memorable, and including humor. The most impactful training material consists of a few self-deprecating one-liners. Fun stickers that include slogans or reminders for employees to lock their screen or use complex passwords keeps the concept front and center as a ready reminder. You can send these out in early October as a way to celebrate the month.

  3. Keep It Fun. Gamification, competition, and giveaways get people involved deeper than making them watch boring role training videos. Using a game like BINGO or a scavenger hunt that forces employees to dig into the security documentation to find policies like the minimum password character requirement gets them beyond the quick skim. You can also use online quizzes or remote games like Kahoot to encourage participation. Rewarding participants with prizes like a year-long subscription for a password manager or a high-quality webcam cover will continue to reinforce good habits long after the month is over.

  4. Include Guest Speakers. Your employees may be tired of hearing the same information from your team, or from the training videos through your security awareness platform. Creating a Lunch and Learn event and inviting a guest speaker to attend is a fun way to engage your employees, and provides a new opportunity to reinforce the message. In the past, I’ve had members of the FBI speak, and security vendors are always willing to speak about security trends and how employees can protect themselves.

  5. Start a Year-Long Program. Use this opportunity to see which activities inspire the most awareness and participation, and use that information to create a year-long calendar. Continue to keep cybersecurity top of mind with new activities, which can be particularly helpful as new people join your team. Create a Cybersecurity Happy Hour or ask security professionals to speak at a Lunch and Learn once a month, or ask employees to spend 30 minutes each month on a quick activity to keep the momentum. This month is your opportunity to get people excited so they continue to think about cybersecurity throughout the rest of the year.

As has been the case for most of this year, October will fly by quickly, and everyone will move on from Cybersecurity Awareness Month. If you are responsible for your company's cybersecurity program, make sure you take full advantage of the momentum that October can bring to keep your employees engaged and cyber-focused throughout the year.

Continue to look for unique ways to interact and try to find fun, bite-sized ways to keep attention on protecting employees and the company. After all, cybercriminals are hard at work the entire year—and you should be too.

Abnormal would love to help you celebrate Cybersecurity Awareness Month! If you’re looking for a guest speaker to discuss business email compromise and other email attacks, contact us today.

Image

Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 05 13 22 Spring Product Release
This quarter, the team at Abnormal launched new features to improve lateral attack detection, role-based access control (RBAC), and explainable AI. Take a deep dive into all of the latest product enhancements.
Read More
B 05 11 22 Champion Finalist
Abnormal has been selected as a Security Customer Champion finalist in the Microsoft Security Excellence Awards! Here’s a look at why.
Read More
Blog series c cover
When we raised our Series B funding 18 months ago, I promised our customers greater value, more capabilities, and better customer support. We’ve delivered on each of those promises and as we receive an even larger investment, I’m excited about how we can continue to further deliver on each of them.
Read More
B 05 09 22 Partner Community
It’s an honor to be named one of CRN’s 2022 Women of the Channel. Here’s why I appreciate the award and what I love about being a Channel Account Manager at Abnormal.
Read More
B 05 05 22 Fast Facts
Watch this short video to learn current trends and key issues in cloud email security, including how to protect your organization against modern threats.
Read More
B 05 03 22
Like all threats in the cyber threat landscape, ransomware will continue to evolve over time. This post builds on our prior research and looks at the changes we observed in the ransomware threat landscape in the first quarter of 2022.
Read More
B 04 28 22 8 Key Differences
At Abnormal, we pride ourselves on our excellent machine learning engineering team. Here are some patterns we use to distinguish between effective and ineffective ML engineers.
Read More
B 04 26 22 Webinar Re Replacing Your SEG
Learn how Microsoft 365 and Abnormal work together to provide comprehensive defense-in-depth protection in part two of our webinar recap.
Read More
Blog mitigate threats cover
Learn about the most common socially-engineered attacks and why these tactics are still so successful—despite a growing awareness from employees.
Read More
B Podcast Engineering8
In episode 8 of Abnormal Engineering Stories, Kevin interviews Saminda Wijegunawardena, an engineering leader who is no stranger to fast-growing enterprise startups.
Read More
B 04 04 22 Webinar Recap Krebs
High-impact emails are on the rise and secure email gateways (SEGs) don’t have the functionality to mitigate them. Learn how your SEG is letting you down.
Read More
B 04 19 22 Facebook Phishing
While phishing emails have long been a popular way to steal Facebook login credentials, we’ve recently seen an increase in more sophisticated phishing attacks.
Read More