Tips for Enhancing Cybersecurity Month
For those who aren’t aware, October is known globally as Cybersecurity Month. It was first launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004 as a broad effort to help all Americans stay safer and more secure online. Over time, it gradually became a worldwide event. As October is fast approaching, I decided to share some useful tips I have used to enhance Cybersecurity Month in the different organizations I have worked in:
Have a Budget for the Month
This is the first step in planning for Cybersecurity Month. It is important to have a budget because you need to plan for several aspects of the program, like events, gift items, travel expenses, awards, posters, and banners, among other things.
Collaborate with HR, Marketing, and Media Teams to Create Cybersecurity Awareness
Over the years, I have observed that departments such as Human Resources, Public Relations, Marketing, and Media often take creative approaches when engaging with employees within an organization. The Human Resources department knows the best time to run campaigns for maximum results, while the Marketing/PR/Media departments know the best gifts to pique the interest of users. These departments can come up with a myriad of ideas that promote your “Cybersecurity Month” better than the Information Security team could on its own. It will be in your best interest to synergize with these departments to get optimal engagement for a successful Cybersecurity Awareness Month. Remember, Information Security is not just about technical jargon but also about people and relationships.
Weekly Newsletters for Cybersecurity Month
Newsletters are one of the best ways to create awareness and pass important information across to any audience. To create cybersecurity awareness, the newsletter for the month of October can focus strictly on cybersecurity tips and awareness. Topics to feature can include, but are not limited to, “Policies every employee should be aware of”, “Recent Cyber Attacks and prevention”, and so on. You could look at your incident register for the most frequently occurring incidents and create newsletters based on them. For instance, if most incidents are related to phishing, you should write newsletters educating your employees on how to identify phishing emails and what to do when they suspect an email could be a phishing email. As stated in the point above, this should be done in collaboration with the HR/Marketing & PR teams to ensure its effectiveness.
Weekly Cybersecurity Trivia/Question/Quiz
As a follow-up to the weekly newsletters, you can come up with questions, quizzes, or trivia to send out afterwards to see how well employees are engaging with the newsletter content. These questions should be related to the topic of the preceding newsletter. To get a better response from trivia and quizzes, you can put incentives and cash prizes in place for people who perform excellently. Choosing winners can get tricky, so you can use any of the following options: a gaming system like Kahoot to engage users, or a “wheel of fortune” to determine the winner. Another option I have used was one where employees send in their responses via mail, and we select the first response or the top 3 correct answers. The only challenge with this is that an employee's response time depends on when the email containing the questions arrives in the employee's mailbox, which usually varies across the organization.
Invite Third-Party Security Vendors for Cybersecurity Events
You can talk to one of your information security vendors, who can help you facilitate an event such as a one-day awareness session for the senior management team and all employees. Having someone external address your staff will usually yield better results in their adherence to and adoption of the information being communicated.
One-on-One Interactions
In some scenarios, depending on the organization, some departments might require specialized awareness and the presence of members of the information security team to engage and educate them on certain practices or culture that could put the organization's cybersecurity posture at risk. Even though these engagements do not have to happen during Cybersecurity Month, this could be a good time to engage, educate, and receive feedback from these departments.
Organise a Podcast
Another good idea is to record a podcast for the month. This can be done in collaboration with the Media/Marketing/HR teams as well. I once had my HR and Marketing team come up with a very successful podcast. In place of weekly newsletters, we had weekly podcasts covering different cybersecurity topics. A member of the HR or Marketing team hosted the podcast, and different IT leaders with expertise in cybersecurity were invited as guest speakers to discuss different topics each week.
How do you organise Cybersecurity Month in your company? What creative ideas do you use in creating security awareness? Kindly share your thoughts and comments below.
This year we are planning on bringing a virtual reality simulation of real-world phishing scenarios. It's going to be fun and interactive.