Every Month Should be Cybersecurity Awareness Month

On October 21st, our partner, the National Cybersecurity Alliance, and the Embassy of the United States of America hosted the “Building a Human-Centric Approach to Cyber Security” virtual event celebrating Cybersecurity Awareness Month.

The event included speakers from the National Cybersecurity Alliance, the Canadian Centre for Cyber Security, the Cybersecurity and Infrastructure Security Agency (CISA), Microsoft, and Terranova Security. They shared insight on how to build an effective, human-centric cyber security strategy.

During the main presentation, the speakers stressed the importance of providing employees with ongoing cyber security education through engaging content, emphasizing behavioral change to reduce security risk, and adapting existing security policies and processes to prepare employees to work safely in a remote or remote-hybrid workforce.

Here’s a look at some of the core messages from the event:

Emphasize ongoing cyber security education through engaging content

One of the key findings of the event was that it’s impossible to build a human-centric security strategy unless your training content engages employees. Successful security plans use an appealing learning experience to ensure a deep understanding of cyber security and of the best practices end users need to embrace to protect their data.

As a result, when developing security awareness training materials, organizations need to highlight what’s in it for employees and design the materials accordingly. Organizations can do this by outlining specific risks users may face when working at home and the steps they can take to protect themselves and their families.

Once they know how to act safely at home, they will also start to apply those best practices when they’re in the office. Executives and managers also have a key role to play in leading by example, championing security-conscious behaviors, and highlighting how important they are for protecting sensitive data from malicious entities.

Enhance information security by focusing on behavioral change

With 85% of breaches coming from human interaction, focusing on behavioral change is critical to reducing the risk of security incidents. The only way to effectively encourage employees to become more security conscious is with year-round security awareness training.

One way to do this is by identifying employees with a lower level of security awareness, looking at who has failed phishing simulations or surveys, and providing them with additional training opportunities to change their behavior and become more security-conscious.

Clear, continuous communication with end users is essential for ensuring that they are up to date on the latest threats and actively taking steps to work safely. The event highlighted that building the foundations of a cyber-aware culture is an ongoing process and not a short-term project.

Adapt your existing security policies and processes to a remote or remote-hybrid workforce

With more organizations adopting remote or remote-hybrid policies following the COVID-19 pandemic, there is a growing need for organizations to adapt existing security policies and processes to support a distributed workforce. Building a successful security awareness training program in a remote world can be achieved by taking a few simple steps:

  • Developing a well-structured training plan with objectives and KPIs
  • Creating engaging, inclusive content for users to maintain engagement
  • Providing real-world phishing simulations to help employees become more confident spotting phishing messages in their daily lives
  • Reinforcing key messaging and cyber security topics regularly to increase participation
  • Offering security awareness training in the native language of the participant

Above all, setting objectives and KPIs is vital to measuring the effectiveness of cyber security awareness training and pinpointing areas of improvement so that an organization can consistently improve security awareness over time.

Human-Centric Awareness Training Isn’t Just for Cybersecurity Awareness Month

While Cybersecurity Awareness Month is over, the need for human-centric security awareness training isn’t. Proactive security awareness training still has a critical role in ensuring that employees know how to protect themselves and their organizations against the latest threats.
