It’s time to turn the page on the calendar, and we are finally in October—the one month of the year when the spooky becomes reality. October is a unique juncture in the year as most companies are making the mad dash to year-end, and employees are starting to gear up for the next year, setting new goals and planning sales kickoffs. But for those in the cybersecurity field, October is that magical month where the spotlight turns to cybersecurity as we take part in Cybersecurity Awareness Month.
Celebrating Cybersecurity Awareness Month
This month is an opportunity to highlight the importance of cybersecurity awareness and how being security-savvy protects both the organization and employees. Cybersecurity Awareness Month is also an opportunity to leverage the marketing and corporate communications team to add their creativity and expertise to get the message out to your audience.
Finding the right activities to share the message can be difficult though, especially with remote teams. Here are some ideas from my past experience as CISO, and some of my plans for promoting cybersecurity awareness here at Abnormal.
Underscore the Personal Value. Would-be scammers target people and businesses, so any advice should encompass both the personal and the company context. An employee that becomes a victim of identity theft or extortion is a distracted employee, and ultimately a potential risk to the organization. Teaching employees how to keep their kids safe online or fine-tune their social media accounts to protect their privacy can be beneficial, and my experience has been that employees are appreciative that we care about their personal safety. Plus, cybercriminals look at personal accounts to access professional ones, often hoping that people will use the same password across websites. Make it personal, and they’re more likely to participate.
Make It Memorable. The impact of cybercrime can be sobering, but the best way for humans to retain information is by keeping it concise, memorable, and including humor. The most impactful training material consists of a few self-deprecating one-liners. Fun stickers that include slogans or reminders for employees to lock their screen or use complex passwords keeps the concept front and center as a ready reminder. You can send these out in early October as a way to celebrate the month.
Keep It Fun. Gamification, competition, and giveaways get people involved deeper than making them watch boring role training videos. Using a game like BINGO or a scavenger hunt that forces employees to dig into the security documentation to find policies like the minimum password character requirement gets them beyond the quick skim. You can also use online quizzes or remote games like Kahoot to encourage participation. Rewarding participants with prizes like a year-long subscription for a password manager or a high-quality webcam cover will continue to reinforce good habits long after the month is over.
Include Guest Speakers. Your employees may be tired of hearing the same information from your team, or from the training videos through your security awareness platform. Creating a Lunch and Learn event and inviting a guest speaker to attend is a fun way to engage your employees, and provides a new opportunity to reinforce the message. In the past, I’ve had members of the FBI speak, and security vendors are always willing to speak about security trends and how employees can protect themselves.
Start a Year-Long Program. Use this opportunity to see which activities inspire the most awareness and participation, and use that information to create a year-long calendar. Continue to keep cybersecurity top of mind with new activities, which can be particularly helpful as new people join your team. Create a Cybersecurity Happy Hour or ask security professionals to speak at a Lunch and Learn once a month, or ask employees to spend 30 minutes each month on a quick activity to keep the momentum. This month is your opportunity to get people excited so they continue to think about cybersecurity throughout the rest of the year.
As has been the case for most of this year, October will fly by quickly, and everyone will move on from Cybersecurity Awareness Month. If you are responsible for your company's cybersecurity program, make sure you take full advantage of the momentum that October can bring to keep your employees engaged and cyber-focused throughout the year.
Continue to look for unique ways to interact and try to find fun, bite-sized ways to keep attention on protecting employees and the company. After all, cybercriminals are hard at work the entire year—and you should be too.
Abnormal would love to help you celebrate Cybersecurity Awareness Month! If you’re looking for a guest speaker to discuss business email compromise and other email attacks, contact us today.