Well it’s October again, which means Fall is here, Sundays are for football, folks are picking out costumes for Halloween and, of course, people are paying extra close attention to cybersecurity in recognition of National Cyber Security Awareness Month…right…?
Ok, so maybe not everyone is focused on National Cyber Security Awareness Month, but the program, “a Department of Homeland Security-administered campaign held every October,” does provide a great opportunity to raise awareness of cyber threats, especially as we head into the holiday season, a time when cyberthieves tend to get especially aggressive. (Source: FBI.gov, “National Cyber Security Awareness Month, Cyber Security is Everyone’s Responsibility,” October 3, 2016).
So, in the spirit of “NCSA month,” here are three things you and your company can do to heighten your cybersecurity awareness towards remaining vigilant, strong and cybersecure:
1. Conduct Awareness Campaigns. Something you can do throughout the year is send e-mails to your team members (or organization-wide) keeping them informed of the latest cyberthreats, including such threats as the latest ransomware variants (“Cry” or “Fantom,” for example). During NCSA month, specifically, consider sending an e-mail once a week to really raise awareness and stress to employees that it’s everyone’s job to keep the company and its employees and customers secure. The Department of Homeland Security has a number of resources to help with these efforts, as do various private sector vendors. For more from the DHS, check out their website at www.dhs.gov/stopthinkconnect.
2. Rehearse a Data Breach. One thing you and your leadership can do to really raise cybersecurity awareness at senior staff levels is to conduct tabletop exercises that simulate an actual data breach or other cybersecurity incident. Not only will these practice sessions help to put the cybersecurity issue front and center for the company’s key players, but, “Going through the motions of an imaginary attack can help prevent executives from making common mistakes and mishaps during times of crisis…It’s one of the best ways to test one’s incident response team and plan ahead.” (Source: Fortune magazine, “The Best Way for Companies to Prepare for Inevitable Data Breaches: Rehearse,” citing Diana Kelley, executive security advisor at IBM, September 27, 2016).
3. Conduct a training. There is really never a bad time to conduct cybersecurity training in the workplace, but doing so during NCSA month can both increase awareness and help the company resist an attack. Since, “Increased investment in employee training can reduce the risk of a cyber attack 45 to 70 percent,” and, “employees are ‘perhaps the greatest evolving security threat,'” it would seem that National Cyber Security Awareness month would be the perfect time to not only better prepare employees, but also raise their awareness of the cybersecurity threats they and their employers face. (Source: BizTimes, “Reduce cyber security risks with employee training,” citing a 2015 study by Wombat Security Technologies and the Aberdeen Group, March 28, 2016).
This month, National Cyber Security Awareness month, is the perfect time for leaders to make cybersecurity a priority and truly empower employees with knowledge and awareness. Set aside some time, collaborate with your colleagues, and take steps that make sense for you and your organization so that when the next cyber attack does come along, you and your folks will be ready, willing and able to mount a strong defense and help defeat those seeking to do harm to your company, your people and your customers.