Cybersecurity Awareness Month 2020: A Global Kick-off

October 1, 2020

  • Cybersecurity Awareness Month was launched in October 2004 to ensure that every American had the appropriate resources needed to be safe and secure online
  • The resolve to provide up-to-date online safety and security information to all global digital citizens has since expanded into a worldwide initiative supported by international governments and industries alike

 


The COVID-19 pandemic affected our digital lives in in previously unfathomable ways. This spring, workers moved out of office buildings and established workplaces in their homes, conducting “business as usual” from makeshift desks and repurposed spaces. At their side, school-age children were attempting to plug into virtual learning environments. Birthday parties and game nights evolved into online events and telemedicine became the norm.

 

The list goes on…

 

These dramatic shifts in “normal” activities forced organizations to overhaul their cybersecurity policies and budget for new or expanded technology to support the migrations of their most valuable assets – people. As we begin to grow accustomed to this new way of living and working – which isn’t so unfathomable anymore – October provides an opportunity to start readdressing cybersecurity best practices with our employees, their families, our customers/patients/clients/consumers and communities.

 

TL_CAM-KickOff_Blog_CAM-Blog-Interior-Assets_800x500.jpg

 

Most global Cybersecurity Awareness Month initiatives revolve around a yearly theme and weekly topics of focus. Below is a table of some of the various themes around the globe for 2020.

 

  United States Canada Europe
2020 Theme or Focus Do Your Part. #BeCyberSmart Devices Think Before U Click
Week 1: October 1-3 Official Kick-Off Taking Stock: Take inventory of devices, their purpose, and your usage Cyber Scams: Focus on phishing, business email compromise, and online shopping fraud awareness
Week 2: October 4-10 If You Connect It, Protect It: Everyone must own their role in protecting connected devices Phone Week: Updating your operating system, avoiding smishing scams, enabling multi-factor authentication
Week 3: October 11-17 Securing Devices at Home and Work: Steps users and organizations can take to protect internet-connected devices for personal and professional use as these worlds collide Computer Week: Creating complex passphrases, preventing malware, avoiding phishing scams
Week 4: October 18-24 Securing Internet-Connected Devices in Healthcare: Industry (hospitals, care facilities) and consumer (telemedicine patients) implication of internet-connected devices and steps each can do to own their part Network Week: Setting up a secure WiFi network, using WiFi safely, protecting business networks Digital Skills: Focus on e-privacy matters such as personal data protection, cyber bullying, cyber stalking, and cyber hygiene
Week 5: October 25-31 The Future of Connected Devices: Empowering users to do their part as technological innovations come to fruition Smart Device Week: Setting up a network for smart devices, privacy settings, using IoT at home or your business
Link for more information https://staysafeonline.org/cybersecurity-awareness-month/ https://www.getcybersafe.gc.ca/en/home https://cybersecuritymonth.eu/

 

TL_CAM-KickOff_Blog_BeCyberSmart_800x500.jpg

 

 

During the Month of October

Cybersecurity Awareness Month provides an opportunity for organizations like Optiv to spread hard-won industry expertise on topics relevant not only to cybersecurity practitioners and executives but also to digital citizens across the globe. Many types of resources will be shared this month. If you don’t yet have plans for promoting awareness within your organization, here are a few ideas:

 

  • Launch a set of video-conferencing backgrounds specific to Cybersecurity Awareness Month.
  • Share messages about cybersecurity through all of your organization’s communication channels, including those that are external.
  • Take free resources on relevant topics such as phishing, secure passwords and social engineering and share them in a weekly newsletter.
  • Conduct a refresher training on digital hygiene or Simple Steps for Online Safety.*
  • Host a weekly game of Kahoot (a personal favorite) with cybersecurity quiz questions.
  • Share relevant cybersecurity statistics in an all-hands call, reinforcing the importance of everyone doing their part in strengthening the organization’s security posture.

 

Each year, this list will change – and the more creative and engaging you can make it for the people in your organization the more effective it will be. If not for social distancing, the list might include door/cube decorating competitions, lunch and learns, raffles and giveaways in the breakroom, posters, etc. It’s never too early to plan for next year, so start generating ideas now.

 

 

November 1 and Beyond

While Cybersecurity Awareness Month is an excellent opportunity to push topics and resources to your employees, the importance of cybersecurity should remain prevalent year-round, especially as our digital footprint expands. Here are a few steps your organization can take throughout the year to cultivate a culture of cybersecurity awareness:

 

  1. Empower employee self-education. Create a central repository/site where your employees can find various resources on cybersecurity topics, including relevant company policies, tips for staying secure while in and outside the office and pertinent updates aligned with the evolving cyber threat landscape.
  2. Provide ongoing awareness content. The key to consistently high program engagement is providing relevant, meaningful “bites” of information regularly. Drop tips, reminders and updates into weekly/monthly newsletters, internal/external social media channels, screensavers, login screens or even printed company calendars. Remember to include information that will be beneficial for employees at home and with their families.
  3. Provide opportunities for formalized training. As we have seen in 2020, the importance of cybersecurity is only going to expand over time. Have an application development team? Have underutilized security technology? Looking to expand your security team with internal resources? Invest in your people and provide them opportunities to take formalized training from industry experts.
  4. Create a safe space for questions and practice. Immersion in the cybersecurity field for any amount of time can result in assumptions that everyone around you has the same level of security awareness. Simulated phishing and social engineering exercises provide an opportunity for every employee to flex their cybersecurity awareness muscle. Handling failures as learning opportunities and sharing anonymized results with the entire organization help employees understand how their behaviors and actions contribute to or detract from the organization’s security.

 

 

Stay Tuned

Be sure to follow Optiv social media channels for updates throughout October and beyond. Optiv Insights is a great year-round resource for cybersecurity awareness from industry-leading experts. If you’re looking to plan, build, and run an awareness program within your organization, check out Optiv’s Cybersecurity Education Services.

 

*This link will only be accessible until December 31, 2020.

Tiffany leads the Security Awareness Training and Threat Emulation practices at Optiv, overseeing the design and development of engaging and meaningful security awareness programs for customers. For over six years, Tiffany has been developing learning solutions that address the unique challenges of global organizations facing a wide array of cybersecurity risks. She has a background in education and has a Masters in Instructional Design & Technology and has worked in Learning & Development for 12 years.