I guess it seems fitting that the Department of Homeland Security decided to designate October as National Cyber Security Awareness Month. All our little ones want to do on Halloween is get to the little treats of chocolatey goodness, but to do so they must navigate through the dusky maze of ghosts, goblins, sticky spider webs and pet cemeteries. Likewise, all most of us want to do online is seek out that new viral video or find the best deal for our upcoming purchase, but in order to do so we must suffer through the dark recesses of the internet and all things malware, imposter sites and phishing scams.
So, here is your invitation to join in on all the scary fun that is October. And the DHS has made it super easy to get involved. On their homepage they’ve posted weekly themes and links to FREE! resources that you can use as starting points for your organization.
Here’s a breakdown of the month:
Week 1 Topic: Every Day Steps Towards Online Safety with Stop.Think.Connect.
Week 2 Topic: Cyber From the Break Room to the Board Room
Week 3 Topic: Recognizing and Combating Cybercrime
Week 4 Topic: Continuously Connected Lives: What’s Your ‘App’-titude?
Week 5 Topic: Building Resilience in Critical Infrastructure
Whether you take part in the whole month or just a day, this is a great time to talk about information security as the buzz around Cyber Security and October only continues to grow.
Cyber Security the Rest of the Year
An important take-away from the October campaign is that you can (and should) be doing awareness all the time. If a once-a-year mandatory training video is the only safeguard between you and that next phishing email, it’s time you built out a more robust awareness program. Your users want to know how to be safe online, if not for you, then for their own devices. And good information security habits learned anywhere translate to better behavior everywhere!
So I challenge you to build out a training and awareness calendar for the year. Keep the annual compliance videos (or bring in a speaker to change things up – we might know a few people who’d love to wax poetic about information security), but then supplement that learning with relevant tips, tricks and resources throughout the year that will keep information security top-of-mind.
And to get you going, here’s a sample training and awareness calendar that you can use as a starting point (click here to get the Excel file):
Of course, you don’t have to do all of these activities or even do a different topic each month (or maybe you’ll do more!). What’s super exciting, however, especially for those of us without huge training and awareness budgets, is that this list consists of activities that are either free or mostly free (just a few hours of your time each month) and that can make a huge impact on your staff!
And, of course, if you want more help, our team would love to help you plan or implement your training efforts!
Information Security vs Cyber Security, A Quick Aside
For those of you paying attention, I’m using information security and cyber security synonymously. Technically they are slightly different (information security is about protecting the confidentiality, integrity and availability of data, and cybersecurity is focused on protecting electronic data), but at their core, they are looking to achieve the same end goal: protect critical or sensitive data. Depending on what industry you work in or what regulations you are addressing, you may hear information security or you may hear cybersecurity (and sometimes, just in case you weren’t thoroughly confused, they may call it something else!); I’m just trying to put them all into one big bucket so regardless of what you call it, you train about it.
Wait a minute – Is that my neighbor or some stranger dressed as a cat burglar trying to get through my front door? Hold on – is that my aunt or some stranger who stole her profile picture trying to connect with me online?
See what I mean? October is scary… be prepared.