Ask any IT (Information Technology) Professional about October and they are painfully aware that it is Cyber Security Awareness Month. They are barraged with emails and offers for cyber products and campaigns. Focusing on security and IT professionals with cybersecurity messaging is like targeting firefighters about fire safety awareness, good messaging, misdirected audience.
Who should be paying attention to Cyber Security Awareness Month?
While our security and IT professionals focus on cybersecurity every day, cybersecurity awareness month is designed for the “rest of us” from the boardroom to facilities. Its aim is to lay the groundwork to create a Cyber Aware Culture.
Leadership sets the tone.
Nearly 40% of IT professionals cited their executive teams as the weakest link in their quest to secure the organization. This indicates not only a disregard by leaders of the importance of cyber awareness but also a chasm in the ability to create a cultural change within an organization.
According to the NIST publication, Cyber Security is Everyone’s Job “Deep technical knowledge is not required from leaders; rather, they should model good personal security habits based on sound guidelines.” It requires leading by action. Living by the acceptable uses policies, engaging in end-user education rather than relying on executive admins to police their desktop and creating time, space and rewards for all employees that engage in CyberSAFE practices.
Training and awareness builds understanding.
Awareness campaigns, reward programs, and end-user training should be a year-round event but leveraging the tools available during October can jump-start an ongoing program. Readiness Assessments can evaluate the entire workforce and provide reporting back to provide a cyber health status, phishing campaigns with performance measurements before during and after training can motivate teams for improvement.
Dave Stagnitto, VP of IT at Logical Operations noticed a significant decrease in breaches after implementing this technique. “Our end-user breaches went down over 40% after rolling out CyberSAFE company-wide. We now spend more time investigating help desk tickets from end users sending us suspicious emails or notifications of expired web certificates than cleaning up after attacks.”
Cyber secure cultures increase production.
There are many ways that change can be implemented. It is important that your organization’s plan reflects your company culture. What matters is that you form the basis for developing a cyber-secure culture by increasing awareness and fostering the right mindset. With a sound cyber-secure culture in place, each business function can focus on its own contribution to protect the organization. Be CyberSAFE.