Posted on Oct 9, 2019
It’s National Cybersecurity Awareness Month (NCAM) — do you know how cyberaware your employees are?
National Cybersecurity Awareness Month is an effort sponsored by the U.S. Department of Homeland Security every October. Its goal: to raise awareness about the importance of good cybersecurity practices. This year’s theme is personal accountability.
Does this often mean training happens in October? Absolutely. However, while training is important, good cyber hygiene should be reinforced often. If possible, that reinforcement of good cybersecurity practices should be engaging, interesting, and even fun for employees.
We realize that’s a tall order. Cybersecurity awareness efforts can seem, at best, like a to-do list (Did you check the email? Did you update your software?) and at worst, like a scolding (your password isn’t strong enough!).
We promise, however, that it’s possible to have fun with cybersecurity awareness. Read on for some ideas.
Rather than just announcing that it’s National Cybersecurity Awareness Month on October 1 and scheduling one talk or training, create a series of events to engage your employees. It could be a lecture series, it could be infosec lunches, a scavenger hunt, or games. You might also want to create a theme for each week of the month, such as passwords, security at home, or mobile security. The goal is to keep cybersecurity top of mind throughout October and to develop good cybersecurity habits that will extend into the rest of the year.
If cybersecurity is important to you (and if you’re observing NCAM, it is) you’re probably already doing phishing tests at work. Rather than simply using those tests as a “gotcha,” turn them into a game. At the start of the month, offer employees a list of “clues” that an email isn’t from a real person: it’s not from the email address it appears to be from, it asks for personal information, etc. Every week, see who sniffs out the fake emails and reward them. It doesn’t even have to be phishing related — several cybersecurity best practices can be gamified, including password hygiene and understanding cybersecurity jargon. Choose the activities that support your themes for the month, and build your game around those.
Rewarding the winner of a game is one thing, but what if a non-technical employee really does spot a fake email and report it? In that case, rewards are in order. Rewards can range from public praise on the company Slack to a gift card. Remember, you want your employees to want to spot bad actors and potential incidents. Positive reinforcement can make your employees more likely to participate in cybersecurity efforts than seeing their co-workers get publicly slapped on the wrist for clicking dodgy links during phishing tests.
It’s often easier to learn something if the content is entertaining. Fortunately, there are plenty of videos about cybersecurity best practices online, and some of them are hilarious, like Ellen’s takedown of an actual physical address book for passwords or Jimmy Kimmel’s cringeworthy video of people on the street being asked their passwords and actually answering. Collect some of the videos relevant to your cybersecurity efforts and send them out to your employees over the month of October. They’ll be laughing, but they’ll also be learning.
We human beings tend to learn best when we’re being told a story. Stories help us understand why certain information is critical and what the stakes for us are. This is important, especially if you’re trying to communicate information that can seem dull. That’s why SecurityScorecard partnered with CyberHero Adventures, a comic series focused on cyber health. Love comics, superheroes and supervillains? CyberHero Adventures tells the story of people, some fictional and some real, who dealt with breaches, data theft, and cyber attacks. Those people include CyberHero Adventures founder Gary L. Berman. Berman was a career marketing consultant and entrepreneur whose company fell victim to a prolonged series of insider cyber attacks. The first story in the comic is his.
The goal of National Cybersecurity Awareness Month is to get your employees interested in cybersecurity. That means that they should come out of October prepared to spot fake addresses, protect their passwords, and know how to avoid risk year-round.
You can also monitor your organization’s security posture with SecurityScorecard’s security ratings. Our platform allows you to continuously monitor the most important cybersecurity KPIs for your company and your third parties, including internal negligence.
The platform automatically generates a recommended action plan when issues are discovered, provides access to breach insights, and shows a record of issues that have impacted scores over time.