national cybersecurity awareness month logo bOctober is National Cybersecurity Awareness Month (NCSAM) and it is a perfect tool to feature security awareness training with both your workforce and clients.  You can not beat an opportunity to run a month long awareness program that provides EVERYTHING you need for free.  Today we discuss what the program includes and how to use it in your office.

National Cybersecurity Awareness Month Workforce Training

All organizations can use some help with building effective training programs. Cybersecurity is a tough one to figure out how to reach everyone in some way. There is an assumption that all you need to worry about in cybersecurity is a complex password. In fact, I have had staff tell me after a training class that they were pleasantly surprised by my class because it didn’t just talk about passwords for the 100th time. In fact, they mention in the awareness month material the importance of keeping sessions lighthearted because this stuff is so boring. That is why NCSAM is such a great tool to use. It isn’t just about those things and it is designed and published for you to use for FREE. That is right — FREE.

What is National Cybersecurity Awareness Month?

This is the 16th year that NCSAM has been observed in October as another public-private collaborative effort.  The U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA) lead the push but always get all kinds of private companies as partners to supply resources.

The objective is to ensure every American has the resources they need to stay safer and more secure online.

Every year they feature a theme and roll out messages throughout the October related to that theme.  Last year we did our episode on it in October because we are slack (We are #CyberAware – Ep 176).  This year we have our ducks in a row and discussing it at the beginning of Sept!  We think it is a great tool to use for your security awareness training.  Even if you don’t do it in October, do it in November, December or even a month in 2020. You can even recycle the content when something happens in the news that relates to one of the topics. “Hey did you guys see the news about such and such. As a reminder, here is a relevant bit we reviewed about X during awareness month. Let’s stay aware out there!”

What is the theme for 2019 awareness month?

Last year it was all about a shared responsibility in cybersecurity. This year’s theme focuses on encouraging personal accountability and proactive protection behavior with the theme: ‘Own IT. Secure IT. Protect IT.’

I really like the thought they put into these themes.  This year there are some catchy phrases.  The focus of each one of those bullets breaks down into relevant messages.

Own IT.

Never Click and Tell: staying safe on social media

Update Privacy settings

Keep Tabs on Your Apps: best practices for device applications

Secure IT.

Shake Up Your Passphrase Protocol: create strong, unique passphrases

Double Your Login Protection: turn on multi-factor authentication

Shop Safe Online

Play Hard To Get With Strangers: how to spot and avoid phish

Protect IT.

If You Connect, You Must Protect: updating to the latest security software, web browser, and operating systems

Stay Protected While Connected: Wi-Fi safety

If You Collect It, Protect It: keeping customer/consumer data and information safe

The first two have some great points that are very much what we talk about regularly both on this podcast and with our clients and even family members.  But the last section on Protect IT is by far my favorite.  All three make perfect catch-phrases that can just be posted alone.  Don’t worry, I will be using them for all kinds of things.  Expect to see it at the boot camp somewhere for sure!

How can I use awareness month for my workforce training?

You can sign up on the website to become a National Cybersecurity Awareness Month Champion for free.  That is step one because that gives you access to all the material toolkit and it only takes two minutes.

Watch the webinar they did that explains how the program works and how to use the toolkit which takes about an hour, unless you are like me and I skip past all the intro stuff because I have heard it or read it already. You can also download the slides and go through them yourself. Even use them for your promotions.

The hashtags to follow and use #BeCyberSmart and #CyberAware to post on your social media accounts because there will be resources linked to those hashtags out there, as well. Don’t worry, they even give you social media post texts to use in the toolkit. You can use those internally.

Share the information with your patients and clients as well as internally by sending out newsletters or posting in your office where everyone sees it because it never hurts to show your patients that you are worried about cybersecurity.

Own IT.

Secure IT.

Protect IT.

The toolkit has posters and links to all kinds of resources but you don’t have to use all of them but remember the messages that work best are the ones that engage people with what cybersecurity means to them personally. If your staff worries more about their cybersecurity at home then they will worry about it at work, as well. Plus, if they worry about it personally they will start to worry about the personal impact to your patients, clients, and business. Skipping the ones that don’t apply to the office like the ones about shopping could mean you miss an opportunity to engage them personally.

Get leadership buy-in.  Maybe get them to select something they feel they should be doing better themselves or something they are committed to implementing for their personal security.  Use that as a learning tool for everyone.  The more messages sent from the very top-down, the more likely you are to engage with people and get their attention.  At a minimum, make certain that leadership will NOT disparage the program in any way by reminding them: “If you can’t say something nice, then say nothing at all”!

Use the tools in the toolkit which is loaded with resources like posters, email templates, logos and social media posts that can all be used internally and externally, don’t forget that. Also, there are resources on the other websites maintained by these groups that will be included. Here are some ideas:

Leadership and management cybersecurity awareness training

Send videos in the CyberSecure My Business series to the management and leadership team like Detecting a Cyber Incident in Your Small Business or Cybersecuring Your Home Office or Home-Based Business.

Put the topic on the agenda for the October meetings to review how the webinar points apply to your business or that of your clients and what you are doing about it.  Maybe you need to discuss what you need to do about those things. Also, a great time to suggest that cybersecurity and privacy issues be discussed at every meeting. It is time to get this level of visibility in the business for these topics. Your finances could be completely destroyed by ignoring privacy and security topics in the world we live in.

From password to passphrases implementation

Do a session via video, webinar, or staff meetings to explain the new direction of passwords from complex 8 characters to long passphrases.  Include a discussion of using MFA on all important things.  Work with IT on how you can implement some of these changes during October or before year-end.  Tie it all back to the information supplied about those things under the

Mobile device security

Everyone needs this one for themselves, their family, and the business.  Best practices for managing device applications is part of the toolkit.  Make that one major message for the entire workforce.  Blend it into all kinds of places in the office.  This is a great opportunity to make security personal.  People must understand that they do have things that others want and it is never a good idea to just start giving away your information to foreign adversaries or cybercriminals.

national cybersecurity awareness monthWe could go on and on here.  Maybe you do a push in October with some of these tools and then make a quarterly one out of the other ones that you use throughout 2020.  There are so many ways you can use all of these resources to make your workforce security awareness program part of your culture.  Use it in October or whenever you need to do some awareness training in your organization.