As October approaches and cybersecurity awareness month gets underway in both North America and Europe, why not take the time to bolster security awareness practices? Javvad Malik, lead security awareness advocate, KnowBe4, shares cybersecurity advice to improve cybersecurity hygiene.
North American and European cybersecurity awareness month takes place every October and this year’s themes offer a chance to reflect and improve upon cybersecurity practices at an individual level, as well as an organizational one. Let’s break down some of the key themes from both initiatives and share some practical advice about how to achieve more secure behaviors in and outside of the office.
Be Cyber Smart
Week one of North American cybersecurity awareness month stresses the importance of keeping data safe and practicing good cyber hygiene. Of course, one of hackers’ most used tactics is social engineeringÂ and therefore teaching users to spot social engineering red flags is crucial. In order to improve awareness in your organization, why not send out some tips via email to employees that teach them how to spot these red flags? For instance:
Suggested subject line: Get to know these social engineering red flagsÂ
Ever get an email that just seemed off? An invitation to click on a link from a stranger, or a weird request from a usually trustworthy source? It’s highly likely that these were social engineering attempts by cybercriminals who use manipulation tactics in order to trick you. The end goal will be for you to give up personal information or take an action that would not be in your own best interest or that of your organization.Â Â
Bear in mind that recognizing and reporting social engineering is one of the most effective ways to improve cybersecurity hygiene. Therefore, we’re sharing with you the top tips to fight this form of attack during cybersecurity awareness month:
- Criminals are motivated by money, so treat any email or phone call with the mention of finances, money, or exchange of bank details with cautionÂ
- Be careful when clicking links or opening attachments in emails and text messages, even if it appears to come from a trusted source.Â Â
- If the message has an urgent call to action, stop and think before taking any action.Â Hackers rely on this tactic to trick you.
Fight the Phish
Week two of cybersecurity awareness month is concerned with â€œfight the phishâ€. A different, interactive drill to keep employees involved could be a â€˜catch-the-phish’ exercise. This entails offering employees a contest to see who can report the most phishing emails throughout the month of October. The winner receives a prize, it could be a voucher, free lunch, or highlighted recognition in a company newsletter. Some companies will even organize a weekly video conference to invite employees to and share any suspected phishing attempts they’ve received. This could include spotting the sneakiest phish or even the most obvious phish. When employees feel involved in a competition, it goes a long way towards engaging them in the long run. And if they get some recognition for it, even better!
Cybersecurity Is a Shared Responsibility
This is a key theme for European cybersecurity awareness month and one that is central to any organization’s security program. To help employees recognize that they have a role to play in cybersecurity, they need to feel involved as a valuable part of the process. A suggested email to send internally could look something like this:
Suggested subject line: Remember your role when it comes to internet security
While some sort of normality seems to be slowly coming back to working life, the pandemic has not slowed down cybercriminals, which means we all have to be extra-vigilant.Â
Let’s not give cybercriminals the leverage they need to make a profit off organizations like ours. While they appear to be doubling down on efforts to spread malware and social engineer employees, we all have a role to play in keeping the company safe and cyber secure.Â
So, we’re using this cybersecurity awareness month to offer a free training course to help you make better security decisions in your everyday life that could very well prevent a cybercrime attack. Together, we can beat cybercriminals at their own games. With this session, you will learn:
- Everyone is a mark for cybercriminals who do not discriminate
- Cybercrime is way more common than you might have previously thought
- You have an active role to play in keeping our business safe from cybercrime
- The tactics that hackers use and how you can learn to tell the real from the fake
There are also some useful hashtags to follow during the month to stay up to date with the latest advice and resources: #CyberSecMonth, #ThinkB4UClick, #BeCyberSmart
October is as good a time as any to start making cybersecurity a priority for your organization, or even refresh your current security awareness practices. These are just some ideas to get organizations thinking about the approach they take, and it really can be simple activities such as the ones listed above. Often companies can be fooled into thinking that security awareness is too time-consuming or cost-prohibitive, but businesses of any size can benefit from these small yet regular exercises to keep security top of mind. It will ensure that the organization is incrementally improving its human firewall and addressing a key weakness that cybercriminals target time and time again: human behavior.