Cybersecurity Awareness Month 2020: A Global Kick-off
Cybersecurity Awareness Month 2020: A Global Kick-off
October 1, 2020
- Cybersecurity Awareness Month was launched in October 2004 to ensure that every American had the appropriate resources needed to be safe and secure online
- The resolve to provide up-to-date online safety and security information to all global digital citizens has since expanded into a worldwide initiative supported by international governments and industries alike
The COVID-19 pandemic affected our digital lives in in previously unfathomable ways. This spring, workers moved out of office buildings and established workplaces in their homes, conducting “business as usual” from makeshift desks and repurposed spaces. At their side, school-age children were attempting to plug into virtual learning environments. Birthday parties and game nights evolved into online events and telemedicine became the norm.
The list goes on…
These dramatic shifts in “normal” activities forced organizations to overhaul their cybersecurity policies and budget for new or expanded technology to support the migrations of their most valuable assets – people. As we begin to grow accustomed to this new way of living and working – which isn’t so unfathomable anymore – October provides an opportunity to start readdressing cybersecurity best practices with our employees, their families, our customers/patients/clients/consumers and communities.
Most global Cybersecurity Awareness Month initiatives revolve around a yearly theme and weekly topics of focus. Below is a table of some of the various themes around the globe for 2020.
|2020 Theme or Focus||Do Your Part. #BeCyberSmart||Devices||Think Before U Click|
|Week 1: October 1-3||Official Kick-Off||Taking Stock: Take inventory of devices, their purpose, and your usage||Cyber Scams: Focus on phishing, business email compromise, and online shopping fraud awareness|
|Week 2: October 4-10||If You Connect It, Protect It: Everyone must own their role in protecting connected devices||Phone Week: Updating your operating system, avoiding smishing scams, enabling multi-factor authentication|
|Week 3: October 11-17||Securing Devices at Home and Work: Steps users and organizations can take to protect internet-connected devices for personal and professional use as these worlds collide||Computer Week: Creating complex passphrases, preventing malware, avoiding phishing scams|
|Week 4: October 18-24||Securing Internet-Connected Devices in Healthcare: Industry (hospitals, care facilities) and consumer (telemedicine patients) implication of internet-connected devices and steps each can do to own their part||Network Week: Setting up a secure WiFi network, using WiFi safely, protecting business networks||Digital Skills: Focus on e-privacy matters such as personal data protection, cyber bullying, cyber stalking, and cyber hygiene|
|Week 5: October 25-31||The Future of Connected Devices: Empowering users to do their part as technological innovations come to fruition||Smart Device Week: Setting up a network for smart devices, privacy settings, using IoT at home or your business|
|Link for more information||https://staysafeonline.org/cybersecurity-awareness-month/||https://www.getcybersafe.gc.ca/en/home||https://cybersecuritymonth.eu/|
During the Month of October
Cybersecurity Awareness Month provides an opportunity for organizations like Optiv to spread hard-won industry expertise on topics relevant not only to cybersecurity practitioners and executives but also to digital citizens across the globe. Many types of resources will be shared this month. If you don’t yet have plans for promoting awareness within your organization, here are a few ideas:
- Launch a set of video-conferencing backgrounds specific to Cybersecurity Awareness Month.
- Share messages about cybersecurity through all of your organization’s communication channels, including those that are external.
- Take free resources on relevant topics such as phishing, secure passwords and social engineering and share them in a weekly newsletter.
- Conduct a refresher training on digital hygiene or Simple Steps for Online Safety.*
- Host a weekly game of Kahoot (a personal favorite) with cybersecurity quiz questions.
- Share relevant cybersecurity statistics in an all-hands call, reinforcing the importance of everyone doing their part in strengthening the organization’s security posture.
Each year, this list will change – and the more creative and engaging you can make it for the people in your organization the more effective it will be. If not for social distancing, the list might include door/cube decorating competitions, lunch and learns, raffles and giveaways in the breakroom, posters, etc. It’s never too early to plan for next year, so start generating ideas now.
November 1 and Beyond
While Cybersecurity Awareness Month is an excellent opportunity to push topics and resources to your employees, the importance of cybersecurity should remain prevalent year-round, especially as our digital footprint expands. Here are a few steps your organization can take throughout the year to cultivate a culture of cybersecurity awareness:
- Empower employee self-education. Create a central repository/site where your employees can find various resources on cybersecurity topics, including relevant company policies, tips for staying secure while in and outside the office and pertinent updates aligned with the evolving cyber threat landscape.
- Provide ongoing awareness content. The key to consistently high program engagement is providing relevant, meaningful “bites” of information regularly. Drop tips, reminders and updates into weekly/monthly newsletters, internal/external social media channels, screensavers, login screens or even printed company calendars. Remember to include information that will be beneficial for employees at home and with their families.
- Provide opportunities for formalized training. As we have seen in 2020, the importance of cybersecurity is only going to expand over time. Have an application development team? Have underutilized security technology? Looking to expand your security team with internal resources? Invest in your people and provide them opportunities to take formalized training from industry experts.
- Create a safe space for questions and practice. Immersion in the cybersecurity field for any amount of time can result in assumptions that everyone around you has the same level of security awareness. Simulated phishing and social engineering exercises provide an opportunity for every employee to flex their cybersecurity awareness muscle. Handling failures as learning opportunities and sharing anonymized results with the entire organization help employees understand how their behaviors and actions contribute to or detract from the organization’s security.
Be sure to follow Optiv social media channels for updates throughout October and beyond. Optiv Insights is a great year-round resource for cybersecurity awareness from industry-leading experts. If you’re looking to plan, build, and run an awareness program within your organization, check out Optiv’s Cybersecurity Education Services.
*This link will only be accessible until December 31, 2020.