- Employee awareness
- 5 min read
Cyber Security Awareness Month (also known as European Cybersecurity Month (ECSM)) is taken as an opportunity by many cybersecurity professionals to:
Assess the current performance of ongoing awareness programmes
Launch new awareness initiatives
All the above
ECSM itself is an annual umbrella initiative — held throughout October — from the European Union Agency for Cybersecurity. It was first staged in 2012 and now activities are coordinated with the US as well. Under this umbrella, hundreds of organisations put on their own events, training and programmes. The goal is to raise awareness of cybersecurity among people and businesses.
This year sees Cyber Security Awareness Month with two themes:
First aid — guidelines on what to do if one falls victim to a cyber-attack
Be cyber-secure at home
It's pleasing that the spotlight is on cybersecurity in the home. Similarly, this is reflected in ECSM’s objective ‘to ensure end-users and organisations are well informed on potential cybersecurity risks.’
Traditionally cybersecurity responsibles and employees have separated work from home. But the recent rise of working from home has blurred the lines between the two. Add the fact that people are becoming more tech-savvy in general, being a cyber secure citizen is now a must-be.
Significantly, we are seeing more clients include home cybersecurity in their awareness programmes.
Clearly, ECSM is not an end in itself. However, it is a golden opportunity for you to carry out in-flight refuelling to your awareness programmes. Possibly with higher octane fuel. Similarly, you can launch a brand-new initiative.
In short, it is an opportunity to make cybersecurity look bright and shiny to draw in your employees.
So, what can you do?
Just about anything you need to. ECSM is a blank page with a few helpful notes in the margin. You can pick up and develop those notes, combine them with your ideas or fill that blank page entirely with words of your own.
In no particular order (but I recommend the last one 😉), here are a few ideas to get the most from ECSM.
If you have been running cybersecurity awareness and training programmes for a while, you can review performance to date. What areas in your organisation are engaging and responding well? Which ones are not? Look for the patterns where your initiatives are working well and apply them to new ones.
Conducting these assessments often throws up surprising data about particular demographics. One client of ours saw that its Asia operations had engaged extremely well with cybersecurity training.
Analysis revealed the principal reason was cultural differences. So the client modified its approach in Europe and saw much better engagement over time.
Review processes and policies. Are they up-to-date and/or do they need amending as regulatory and operational demands have changed? Can you streamline them, make them easier to access and digest?
Without a doubt, most people love a game. Using gamification adds colour to what people see as the drab topics of GDPR, passwords, phishing, etc. If you currently use games you will have seen the results. If you haven’t, give it a try in Cyber Security Awareness Month.
You are not limited to the topics of ECSM. Take the opportunity to do activities around the high priority issues your business faces. Use ECSM as the catapult to slingshot your programme into orbit.
Ultimately you are trying to change for the better the cybersecurity attitudes and behaviour of your employees. If you make something personal people take notice. And taking notice is the first step toward taking action.
In raising cybersecurity awareness among your employees, include aspects of home cybersecurity. Help them help their families to be more cyber secure. Take personal digital footprints as an example. These go toward the makeup of your business's digital footprint. Show the dangers that careless social media posts in family life can pose for the business as well.
Create a mini-campaign to complement your existing programme. Having decided on your focus topics, you can run activities for a different one each week throughout October. Activities can span a broad mix of types. Anything from individual and team challenges to stand-out internal communication (animated infographics, gifs, social posts, etc).
It follows also that the time, effort and money invested in these activities can be used all year round and not just in October 2021.
And don’t worry if you are thinking “I’d like to do that but haven’t the time now.” We have done all the work for you with our 'Arm Your People' Cyber Security Awareness Month pack.
Take a look at how you can drive engagement with something different and ensure key messages are well-received and, crucially, retained.
In the end it’s up to you how you use Cyber Security Awareness Month. However, don’t miss this opportunity to make cybersecurity shine among your people.
Check out all the latest on ECSM on Twitter and Facebook and look for the hashtags #CyberSecMonth and #ThinkB4UClick.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51