Now that it’s October, you’re inundated with pumpkin spice everything. Whether you live in California or New England, the month evokes crisp air, apples, and jack o’lanterns. In cybersecurity circles, October is the most important month of the year: it’s when we celebrate National Cybersecurity Awareness Month (NCSAM). It’s a time for the industry, and really, anyone with an internet connection, to celebrate by taking the time to learn what they can do to up their cybersecurity game.
The cybersecurity statistics for small and mid-sized businesses are frightening. Data breaches have increased at an alarming rate while at the same time employee-owned devices have exponentially expanded your data landscape.
Most people assume that cybersecurity awareness means knowing threats are out there in the wild. However, the problem with this cybersecurity awareness definition is that knowing is different from acting. With cybersecurity, knowledge does not protect you; actions do.
What is cybersecurity awareness?
Cybersecurity awareness is less about “what you know” than it is about “what you do.” Being cyber knowledgeable is like being in the 100-level course. Being cyber aware is akin to being in the graduate program. After all, even G.I. Joe will tell you that knowing is only half the battle.
Most people know that they have to update Microsoft Office when they get the alert after opening up Word. Unfortunately, many people click “later” because they don’t want to slow down their productivity.
The old saying goes, “actions speak louder than words.” This adage proves more true in cybersecurity than anywhere else.
What 2018 security awareness topics apply to my business?
As part of its cybersecurity awareness campaign, the National Cyber Security Alliance (NCSA) recognizes that creating a safer online experience requires a personal connection to data security. As part of NCSAM, the Alliance set out four security awareness topics. While the first two, educating for a career in cybersecurity and protecting the nation’s critical infrastructure, may not apply to SMBs, the other two topics prove relevant.
Make Your Home a Haven for Online Safety
Just like the personal hygiene habit of washing your hands after touching raw chicken, cyber hygiene is a learned behavior. In theory, everyone knows about phishing and spam. They know they need to take precautions when shopping online and to install malware protection.
In reality, most people recognize threats but don’t act on them. This month, don’t just learn about these behaviors, practice them and turn them into habits.
It’s Everyone’s Job to Ensure Online Safety at Work
As a business owner, you might have created a mission statement promoting a corporate culture. Additionally, you likely hired individuals whose integrity, goals, and work ethic match yours. Now, you need to incorporate cybersecurity awareness into that corporate culture. To do this, you need to be a role model in the workplace.
You need to model the behaviors you want to see in your employees. Demonstrating awareness not only teaches but motivates your employees to engage in cyber aware behaviors - ones incorporating both physical and digital data.
How to move from awareness to action
Being aware of cybersecurity issues is only the first step to keeping your business safe. You want your employees to know what to look for, but also what to take action on. For example:
- The cyber-aware person recognizes the importance of pre-set spam filters for your email. The cyber-active person will report the spam email.
- The cyber-aware person recognizes the value of using credit cards when shopping online because the company will refund fraudulent charges. The cyber-active person turns off their Bluetooth and WiFi settings when in a store to keep from being tracked.
- The cyber-aware person understands that downloading an anti-malware or anti-ransomware program protects their computer. The cyber-active person never uses a USB or other removable media without scanning it for a virus first.
The cyber-aware person knows what they should do. The cyber-active person mindfully acts to protect information.
What are some personal security tips for employees that protect your business?
Cybersecurity tips for employees need to be practical. As noted above, the NCSA’s first cybersecurity awareness topic involves the home for a reason. Employees who practice safe cybersecurity at home will do the same at work.
A few personal security awareness tips from the NCSA’s Stop.Think.Connect campaign include:
- Finding the strongest authentication tools possible. To do this, make sure to equip your employees with biometrics, security keys, or unique one-time codes provided by an authentication app on your phone.
- Unique account, unique passphrase. Despite the number of applications you use, each one needs a different passphrase. At the very least, keep the personal and professional passwords different.
- Be careful with Bluetooth-enabled Internet of Things (IoT) devices. For example, your smartwatch uses a Bluetooth connection to your phone, but these connections don’t have encryption or other protections, which means cybercriminals can track you.
What are some physical security awareness tips?
Cybersecurity awareness doesn’t stop when you walk away from a device. Hackers increasingly use social engineering techniques in physical retail locations. The more devices you use to enable your business, the more information you put at risk. Therefore, you need to focus on protecting devices that store, transmit, and collect information as part of your cybersecurity awareness training.
Some tips to help employees focus on physical security to protect data include:
- Keep devices on your person or in a locked drawer when you’re not using them.
- Set your monitor or laptop to automatically enable a screensaver when your computer is idle.
- Use a passphrase for your screensaver.
- Use a passphrase or biometric ID (e.g., thumbprint or facial recognition) on any mobile devices left unattended.
- Turn on a screensaver or lock mobile devices when others are around.
- Make sure to enable a remote wipe capability for all mobile devices in case of loss or theft.
What are some engaging cybersecurity awareness month ideas?
Cybersecurity awareness questionnaires provide you with information about how much your employees know. Security awareness training answers, for example, let you measure how much knowledge your employees have about a topic.
However, creating a corporate culture that fosters cybersecurity awareness means making information security fun and interesting. Sure, at first glance, putting “cybersecurity” and “fun” in the same sentence seems counterintuitive. In reality, you can foster an overarching culture by making cybersecurity entertaining and interactive.
***WARNING: FUN ZONE AHEAD***
- Make cybersecurity awareness visible throughout your organization with publicly available posters or find art prints like this one from artist Cat Staggs.
- Send out emails with cybersecurity memes.
- Use a cybersecurity role-playing game.
Zeguro Focuses on You First When It Comes to Cybersecurity Awareness
As a business owner, you not only protect yourself when your employees are cyber aware but you also empower your employees to recognize and act against threats to protect your customers and reputation.
Our primary value statement at Zeguro is You First. For us, this means:
The interactions, offerings and attitudes of Zeguro are centered around the benefit to the individual.
Cybersecurity awareness is about protecting and benefiting the individual. As a company, we offer cybersecurity awareness training modules that ease this process for you.
Cybersecurity hygiene puts your customers and employees first by creating an overall better internet.