Cybersecurity Awareness Month, observed every October, was created as a collaborative effort between government and industry to ensure every American has the resources needed to stay safer and more secure online.
Since its original inception under leadership from the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA), Cybersecurity Awareness Month has grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions and young people across the nation. The collaboration of NCSA and DHS on Cybersecurity Awareness Month is one of the many successful public-private partnerships critical to cybersecurity and it provides many resources for research and informational purposes. Now in its 18th year, Cybersecurity Awareness Month continues to build momentum.
When Cybersecurity Awareness Month began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar actions around changing batteries in smoke alarms during daylight savings time. Through the combined efforts of government and the private sector, the month has grown in reach and participation, now including the involvement of a multitude of industry participants that engage their customers, employees and the public in awareness, as well as financial institutions, nonprofits and other groups.
The following is a suggested framework to help your organization engage in Cybersecurity Awareness Month, breaking out key messages into four weekly segments.
- Week of October 4 (Week 1): Be Cyber Smart – As we become more dependent on technology, our personal and business data is on internet-connected platforms. These platforms are attractive targets for cyber criminals. The first week of Cybersecurity Awareness Month should highlight best security practices and focus on general cyber hygiene to keep your information safe.
- Week of October 11 (Week 2): Fight the Phish – Phishing attacks and scams have thrived since the COVID-19 pandemic began in 2020, now accounting for more than 80 percent of reported security incidents. The second week of Cybersecurity Awareness Month should stress the importance of being wary of emails, text messages or chat boxes that come from a stranger or someone you were not expecting. Think before you click on any suspicious emails, links or attachments, and make sure to report any suspicious emails if you can!
- Week of October 18 (Week 3): Cybersecurity Career Awareness Week: Explore. Experience. Share. – The third week of Cybersecurity Awareness Month will highlight Cybersecurity Career Awareness Week, a campaign that inspires and promotes the exploration of cybersecurity careers. Whether it’s students, veterans or those seeking a career change, the dynamic field of cybersecurity is rapidly growing and offers something for everyone.
- Week of October 25 (Week 4): Cybersecurity First – The fourth week is all about making security a priority. For businesses like financial institutions, this means building security into products and processes. Make cybersecurity training a part of employee onboarding and equip staff with the tools they need to keep the organization safe. For individuals, keep cybersecurity at the forefront of your mind as you connect daily. Cybersecurity should not be an afterthought.
National Cybersecurity Awareness Month is a great time to reach out to customers and employees alike to increase awareness on how they can take personal actions to enhance your organization’s cyber security efforts.
Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO and the principal cybersecurity consultant with PureIT CUSO. He has previously held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.
Fredriksen served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.