We are #CyberAware is the tag for the National Cybersecurity Awareness Month campaign. Each year this campaign is run by the National Cybersecurity Alliance. In 2018, Kardon, Security First IT, and HMWH are all signed up to be champions and publish information for the cyberaware campaign. Today, we will review what these campaigns are about and how you can use these and more like them to augment your education program.
2018 is the 15th year for the National Cybersecurity Awareness Month (NCSAM) campaign. Even though it has been around for all of those years most people don’t know about it. There are campaigns about branding certain months/weeks/days for getting people educated about a wide variety of topics. In fact, we just finished U.S. National Health IT Week Oct 12-18, also. Growing up on a dairy farm helps me know that June is National Dairy Month. While it can be the source of a lot of jokes the idea has been a consistent branding and education campaign for over 100 years. Yes, something month goes back that far.
With the “We are #CyberAware” campaign we have the opportunity to use it in our businesses to promote awareness without having to make it all up ourselves. There are so many groups publishing training information for this campaign it gets overwhelming. In fact, I have planned to do this for years and got so overwhelmed it never made it on the podcast. I am determined to get the information out there this year. So, hang on for some pretty random discussions of things I found and how we could use them in our training and security awareness programs.
The National Cybersecurity Alliance has a lot of reach with the different programs and websites they sponsor in addition to NCSAM. There is the Stay Safe Online site with includes tops and information for being safe online in general. That site also includes the Cybersecure My Business resources. They explain the concepts of the National Cybersecurity Framework. We have talked about the framework many times on this podcast and in our training sessions. If you want to learn there is no shortage of information available on these pages. Finally, you can connect also access the Stop Think Connect site with a wide variety of training and information about online security.
There are 4 #CyberAware themes one for each week of October.
Week 1: #CyberAware Tips to Protecting Yourself and Your Family at Home
The list of tips that are designed to talk about home. However, these practices used at home can extend to using the same ones at work.
- Lock down your login
- Back It Up
- Personal information is like money… Value it, Protect it
- Keep a clean machine
- Pay attention to the Wi-Fi router in your home
- Share with care
The suggested ways to take action for week one included:
- Turn on Multi-Factor Authentication to protect your financial, email and social media accounts.
- Update your software and turn on automatic updates to protect your home network and personal devices.
- Participate using #CyberAware on social media and include your friends and family in the conversation (head to StaySafeOnline.org to find a wide range of shareable, funny memes, graphics, and NSCAM posts).
Those all sound like things we try to discuss here regularly. It includes turning on MFA which we recently discussed. Patch management which I can’t begin to count how many times we have talked about this. Including your home router and network, which we covered recently, too. Sharing it is the final step and we certainly want you to share us!
This would be a great reason to post articles and tips around the office. Everyone responds better when you are giving them something personally rather than telling them something to do on their job. If you missed this event make your own or watch for some other option. Keep it in your plans to use it later.
Week 2: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
This one is huge. Research has continued to show there is a major shortage of cybersecurity professionals.
The Bureau of Labor Statistics predicts a steep 28% growth rate for cybersecurity positions between 2016 and 2026 — that’s 300% higher than the prediction for all occupations. Moreover, Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings by 2021
Another article I read recently says there will be 2 million OPEN cybersecurity jobs world-wide NEXT YEAR. Yes, 2019. This article was pointing out that the shortage can impact national security. Yep, we don’t have enough to fight the cyber war even in uniform.
It has been a topic for years that not enough people are going into the field. There are many reasons that the shortage continues to grow. I can think of a few myself.
I have been telling rooms anyone that asked about “getting into computers” for years that security is where they need to be going. The field is just so scary to many people that they don’t want to think about it. There is certainly opportunity out there. Millions of openings right now and we can’t teach people fast enough.
Send out info again about them personally. Tell them that everyone has great opportunities to get into the cybersecurity field. Their kids, friends, family members or even themselves. Encourage people to talk about it and point out how badly we need help to protect all of us.
It is also a great excuse to encourage parents to talk to their kids or even contact a local school and ask what you can do to promote cybersecurity with them. It gets your name in the community as an activist for protecting everyone. It also may get across to parents. Smoking messages really got traction when they worked from the kids up.
Week 3: It’s Everyone’s Job to Ensure Online Safety at Work
Now we get to the business part of the awareness. While this is something we talk about in some way for every episode it really hits home when it is part of this campaign. Bottom line here folks, when it comes to cybersecurity you are either part of the problem or part of the solution. OK, maybe you are trying to be part of the solution but that is way better than being part of the problem!
The background information for the CyberAware campaign includes stats we have discussed here many times. Things like the Verizon report that said 58% of attacks are on SMBs, not big enterprises. A stat I hadn’t seen though was from the Better Business Bureau.
The Better Business Bureau found that more than half of small businesses would be unprofitable within a month if they were to lose permanent access to their essential data.
The list of suggestions follows the NIST CSF to a T.
- Identify your digital “crown jewels” (Identify)
- Protect your assets (Protect)
- Be able to detect incidents (Detect)
- Have a plan for responding (Respond)
- Quickly recover normal operations (Recover)
There are some great resources there for businesses that need yet another way to be told what to do for cybersecurity. There is an interesting The Cybersecurity Awareness Toolkit.
I have to say that there is a great deal of irony that right on the cover page it says:
Created for Small and Medium-Sized Businesses by the
National Cyber Security Alliance, Facebook, and MediaPRO
I am not sayin’ but I am just sayin’…… Is “the book” trying to do some good will here?
There is a lot of good information in the toolkit though. It has some really great shortlists they call Small Business Cybersecurity “Quick Wins”. I like those lists a lot. There are several in there. Here are some of my favorites:
Of course, the last one is near and dear to my heart. This guide is not for healthcare specifically. Look what they say you should be doing with your vendors!
Week 4: Safeguarding the Nation’s Critical Infrastructure
We weren’t kidding when we said that cybersecurity is a national security issue. Our infrastructure is under constant attack. We don’t know if they may be in there just sitting and waiting for the right time to shut down systems and much more. Not only do we have to do our best to stop them from getting in but even more concerning is being able to fight back once we find they are in there.
The thought starters they included for week 4 can be a little daunting just reading the sentences.
- How Hackers are Infiltrating our Election System
- Going Dark: Challenges to Protecting Our Nation’s Power Grid
- Cities Under Siege: What to do When Municipalities are Cyber Targets
- Designing the Secure, Smart Cities of Tomorrow
- Can One Phishing Attack Bring Downan Entire City?
- Airplanes and Railroads: When Transportation is Hacked
There is a lot of faith in our power grid by most people. They think at most they will be out of power a day or two tops. I have had a power outage for 5 days. I couldn’t live at home for 5 days. So much had to be dealt with after we returned. There is more to these situations than people realize.
It is important that we protect these things but also important that we realize they are under constant attack. So far we have explained how bad the shortage is and how every person needs to participate or they could accidentally become unwilling participants on the other side of the cyber war.
As I am writing this I am in the midwest. I think of the proud family with a sign that our property is protected by “pit bulls and pistols”. You know those people would be the first ones out the door with their pistols and pit bulls if you asked them to defend the community. However, you ask them to defend our cyber infrastructure and everything becomes more complicated. These folks have no idea how much they could be contributing to the problem.
They do have some great tips and points under the section they called:
#CyberAware Tips for Critical Infrastructure Professionals
- When in doubt, throw it out.
- Lockdown your login.
- Safer for me, more secure for all
- Keep a clean machine
That takes us through the whole month. Maybe we can have several assistants next year that can figure all this out for us in time to have a podcast about it well in advance. Start celebrating now, you still have time!
By the way, this week is also HealthIT Awareness Week. Don’t worry you can start planning now for Data Privacy Day on Jan 28, 2019.