October is internationally recognised as Cyber Security Awareness month. Yes – we know it’s not October yet, but for our cyber security team it’s Cyber Security Awareness all year round, and this year will be no different.
As you’d expect, Cyber Security Awareness month started in the United States – a collaboration between the US Department of Homeland Security and a non-profit organisation called the National Security Alliance, way back in 2004. Since then, Cyber Security Awareness month in October has been adopted across the globe, with nations and organisations taking differing approaches to spreading the cyber security message.
Those who read our weekly cyber security updates will hopefully be aware that the threat landscape is ever changing, and that the situation is worsening, even though efforts to secure our digital lives are becoming more robust and effective. We are faced with a near constant barrage of ransomware, information stealers, malicious software and other cyber-criminal activity; geo-politically the world is an increasingly dangerous place; and let’s not forget hacktivism and the ever-present insider threat – all making securing our organisations harder.
Security is a team sport, but not everyone can afford a CISO or a dedicated Security Manager to lead on security issues, so this month we will briefly cover how organisations can get involved and think about raising the profile of security awareness across their business in October. Staff are central to any organisation’s ability to operate securely. Security is a whole-of-organisation activity.
Security awareness, if correctly embedded across the workforce, can become an essential business asset and have a positive impact on other risk management and reduction activities. As with most security engagements, the first step in implementing an awareness programme is to undertake a baselining exercise. This can take the form of either a short survey, polling targeted staff members with questions that seek to better understand their levels of awareness, or small focus groups across teams and the executive. The survey and focus sessions will provide you with a good understanding of the overall level of cyber awareness and identify areas for future improvement.
An easy starting point might be to use articles from the weekly Redcentric cyber security update as ‘talking points’ at staff meetings or 1:1s, to better understand levels of staff security awareness.
As we’ve written previously, getting the executive on board is crucial for any cyber security activity, and security awareness is no different. With leadership buy-in it should be relatively easy to push forward. Their support helps in shaping company-wide communications, in setting the scene that cyber security is important to the business and therefore important for all members of the workforce, and generally in driving what will ultimately be a cultural change across the organisation.
As noted above, security is a team effort, so co-opting resource from around the business to help spread the awareness message is vital. In some organisations, these individuals are called ‘Cyber Champions’ – whilst not specialists in the field, they are staff who’ve expressed an interest in security and can ‘champion’ awareness messaging amongst their colleagues. Figuring out what to discuss with colleagues is the next step. As a simple guide, consider basics such as email security, use of secure passwords, basic data security and the like. Again, consider using the Redcentric cyber security updates as your starting point – we follow the main issues on a weekly basis, and the updates’ ultimate aim is to improve awareness amongst their readership.
There’s also the potential for conducting exercises and simulations, getting the team engaged and building confidence in themselves and their ability to respond in the event of an incident or other security event in the future.
If you’re unsure where to start, then look no further: Redcentric has consultants who are able to help you prepare for this year’s Cyber Security Awareness Month and beyond. We can aid you in building your activity plans, deliver live threat simulations or facilitate tabletop exercises, and provide a range of briefing and other advisory-based options. There’s also some particularly good advice on the NCSC’s central website for staff cyber security training, which should provide you with initial guidance on how to pitch your awareness programme. They offer a range of infographics and optional e-learning solutions that can be downloaded and consumed by your staff to raise their awareness.
And remember, whilst there’s a dedicated month for awareness, cyber security is not just something you consider once a year. It’s an all-year activity, so maintain the momentum even once October has passed.
At Redcentric, we are committed to helping you prepare for, detect, respond to, and recover from cyber attacks. Our expert consultants and tailored solutions can be seamlessly integrated into your business operations, providing the flexibility and support you need. If you have any concerns about growing cyber threats, please do not hesitate to get in touch.