Cyber Awareness Month is more than a “Hallmark Holiday”
Is Valentine’s Day the ONLY day of the year you should give your loved one flowers? No!
Is St. Patrick’s Day the only day I’m Irish? No!
Just because the marketing industry focuses attention on these themes at certain times, we don’t forget their importance the rest of the year.
In the same vein, October, designated as Cyber Awareness Month since 2004, isn’t the only time our community should work together to raise awareness about cybersecurity.
The four steps highlighted as part of Cybersecurity Awareness Month have been the same for years:
- Turn on Multi-Factor Authentication (MFA)
- Update your software
- Think before you click to avoid phishing attacks
- Use strong, unique passwords
These are important fundamentals. I’ve spoken about them and created how-to videos on ways to accomplish them.
That said, a lot has changed in the 20 years since Cybersecurity Awareness Month began. Cyberattacks are more frequent and complex. Costs are higher. People are more aware of cybersecurity at home and work than ever before.
From a consumer perspective, connected devices are in most homes (whether people realize it or not). We carry mobile devices that contain our most personal information, and many people have experienced identity theft.
The workplace (if it’s even a “place”) has changed too. Cybersecurity awareness is now required for non-technical people, along with IT and security teams. Most companies require awareness training for every employee and contractor. Boards of Directors increasingly have at least one member with cyber expertise.
Unfortunately, this growing cyber risk awareness isn’t driving better preparedness or resilience. Despite investments of time and money, most people believe their organizations are at risk of cyberattack in the next year.
Now is the time to act. Use this month of October to set up systems that build on the cybersecurity fundamentals. Use this opportunity to create policies and implement tools that embed cybersecurity in your organizational culture. Cybersecurity cannot be effective if it’s treated as an afterthought. Instead, it should be a seamless part of people’s everyday lives.
Here are some ideas to keep Cyber Awareness Month going all year long.
- Contribute to the cyber community – Collaborate, share knowledge, and even become a mentor to others. Join cybersecurity groups like BSides, Security Tinkerers, SANS, ISACs, Slack channels, etc. If you’re a Delinea customer, talk to your account rep and join the Secret Society to share PAM best practices.
- Practice, practice, practice – Create an organization that can spot the red flags AND feels confident reporting them. Don’t just have employees watch cybersecurity training videos. Instead, test their ability to recognize and report suspicious emails and applications and share the results.
- Expose your security team to real-life scenarios – Build your security team's skills with blue and purple teaming. Do a dry run of your incident response plan to see how well your team communicates and responds to a crisis. Reverse engineer cyber incidents to reveal security gaps.
- Empower employees to do the right thing – The easier security technology is to use, the more likely people will adopt it. Explore ways to put technology behind the scenes so that it doesn’t become a burden and people can stay productive.
These strategies have a common element. They reinforce the concept that cybersecurity awareness is a skill everyone is responsible for continually improving. That means creating a safe place for people to try, fail, and integrate what they learn, so your entire organization becomes more cyber-resilient.