Beginning in 2004, October has been earmarked by the President and Congress as National Cybersecurity Awareness Month in the United States to encourage the private and public sectors to promote cybersecurity’s importance.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) are collaborating to tap into existing resources, build new ones, and tighten messaging for organizations to use when urging their people to stay safe online.
This year's campaign will focus on the following four key behaviors to be simple and actionable for both individuals and businesses:
- Enabling multi-factor authentication
- Using strong passwords and a password manager
- Updating software
- Recognizing and reporting phishing
How MSSPS, MSPs and You Can Make the Most of National Cybersecurity Awareness Month
Of course, there’s plenty of room in the campaign for managed security service providers (MSSPs) and managed service providers (MSPs) to advise their clientele on how to participate and gain the most from the month’s events.
Along those lines, CISA is touting a number of ways organizations and individuals can encourage customers to take get involved:
- Follow CISA on Twitter, LinkedIn, Facebook and YouTube to receive the latest news and resources.
- Post online safety tips and contribute your own advice and resources to social media by using the hashtag #CybersecurityAwarenessMonth!
- Share helpful tips and resources with friends and family, especially vulnerable groups like seniors.
- Hold a family “tech talk” and discuss how each family member can protect their devices, accounts, and personal information.
- Share tip sheets, print resources, and display them in areas where family members spend time online.
At Work, at School, and in Your Community
- Send an email to colleagues, employees, customers and/or your school about Cybersecurity Awareness Month. Outline how your organization will be involved. Highlight the 4 simple steps.
- Encourage your organization to share the 4 simple steps and cybersecurity advice on your social media accounts encouraging customers and employees to stay safe online.
- Host a poster or video contest for students or employees where in which participants create
informative, online safety resources. Display the winning entries at school or share them with your community.
- Incorporate Cybersecurity Awareness Month into your organization’s newsletter or employee required training.
- Host a local or virtual event or training for your organization. Discuss smart security practices, relevant cybersecurity issues, and allow participants to ask pressing cyber-related questions.
- Conduct a mock phishing simulation with employees. Remember to reward positive behavior, not to punish for mistakes. Consider providing small prizes to those who perform well and are engaged in activities.
- At the end of the month, send employees an email highlighting your activities, results and successes. Recap best practices learned throughout the month.
- Consider volunteering at a community center, senior center, school, library, or scout troop to teach others about how they can stay safe online.
Accordingly, KnowBe4 has compiled its own list of top tips to help organizations plan and execute a successful NCSAM in October:
- Plan special activities such as presentations, games and other fun events.
- Focus on changing behaviors and creating a strong security culture rather than simply providing information.
- Provide rewards and incentives for employees who practice secure behaviors such as reporting phishing emails properly and using strong passwords.
"One of the key takeaways from this campaign is that cybersecurity awareness should not be restricted to just one month a year," said Stu Sjouwerman, KnowBe4 chief executive. "It is an ongoing effort and consistency is far more important than intensity. October should be used as the catalyst to get the motor running and keep propelling activities forward."
Other cybersecurity executives weighed in on the importance of the month.
“Today, cyber threats are escalating into full-blown crises, making Cybersecurity Awareness Month more than a gentle reminder but a stark warning that we must urgently overhaul our digital defenses,” said Don Boxley, chief executive and co-founder of DH2i.
Carl D’Hallium, Datadobi chief technology officer, added, “This month-long focus is not just an opportunity but a necessity for organizations to deepen their commitment for employing the necessary methodologies and technologies that enable effective internal data governance and oversight. A proactive, inside-out approach to cybersecurity has never been more crucial.”