Now that it’s October, you’re inundated with pumpkin spice everything. Whether you live in California or New England, the month evokes crisp air, apples, and jack o’lanterns. In cybersecurity circles, October is the most important month of the year: its when we celebrate National Cybersecurity Awareness Month (NCSAM). It’s a time for the industry, and really, anyone with an internet connection, to celebrate by taking the time to learn what they can do to up their cybersecurity game.
The cybersecurity statistics for small and mid-sized business are frightening. Data breaches have increased at an alarming rate while at the same time employee-owned devices have exponentially expanded your data landscape.
Most people assume that cybersecurity awareness means knowing threats are out there in the wild. However, the problem with this cybersecurity awareness definition is that knowing is different from acting. With cybersecurity, knowledge does not protect you, actions do. .
Cybersecurity awareness is less about “what you know” than it is about “what you do.” Being cyber knowledgeable is like being in the 100 level course. Being cyber aware is akin to being in the graduate program. After all, even G.I. Joe will tell you that knowing is only half the battle.
Most people know that they have to update Microsoft Office when they get the alert after opening up Word. Unfortunately, many people click “later” because they don’t want to slow down their productivity.
The old saying goes, “actions speak louder than words.” This adage proves more true in cybersecurity than anywhere else. What 2018 security awareness topics apply to my business?As part of its cybersecurity awareness campaign, the National Cyber Security Alliance (NCSA) recognizes that creating a safer online experience requires a personal connection to data security. As part NCSAM, the Alliance set out four security awareness topics. While the first two, educating for a career in cybersecurity and protecting the nation’s critical infrastructure, may not apply to SMBs, the other two topics prove relevant.
Just like the personal hygiene habit washing your hands after touching raw chicken, cyber hygiene is a learned behavior. In theory everyone knows about phishing and spam. They know they need to take precautions when shopping online and to install malware protection.
In reality, most people recognize threats but don’t act on them. This month, don’t just learn about these behaviors, practice them and turn them into habits.
As a business owner, you might have created a mission statement promoting a corporate culture. Additionally, you likely hired individuals whose integrity, goals, and work ethic match yours. Now, you need to incorporate cybersecurity awareness into that corporate culture. To do this, you need to be a role model in the workplace. You need to model the behaviors you want to see in your employees. Demonstrating awareness not only teaches but motivates your employees to engage in cyber aware behaviors - ones incorporating both physical and digital data.
Being aware of cybersecurity issues is only the first step to keeping your business safe. You want your employees to know what to look for, but also what to take action on. For example:
The cyber-aware person knows what they should do. The cyber-active person mindfully acts to protect information.
What are some personal security tips for employees that protect your business?Cybersecurity tips for employees need to be practical. As noted above, the NCSA’s first cybersecurity awareness topic involves the home for a reason. Employees who practice safe cybersecurity at home will do the same at work.
A few personal security awareness tips from the NCSA’s Stop.Think.Connect campaign include:
Cybersecurity awareness doesn’t stop when you walk away from a device. Hackers increasingly use social engineering techniques in physical retail locations. The more devices you use to enable your business, the more information you put at risk. Therefore, you need to focus on protecting devices that store, transmit, and collect information as part of your cybersecurity awareness training.
Some tips to help employees focus on physical security to protect data include:
Cybersecurity awareness questionnaires provide you with information about how much your employees know. Security awareness training answers, for example, let you measure how much knowledge your employees have about a topic.
However, creating a corporate culture that fosters cybersecurity awareness means making information security fun and interesting. Sure, at first glance, putting “cybersecurity” and “fun” in the same sentence seems counterintuitive. In reality, you can foster an overarching culture by making cybersecurity entertaining and interactive.
As a business owner, you not only protect yourself when your employees are cyber aware but you also empower your employees to recognize and act against threats to protect your customers and reputation.
Our primary value statement at Zeguro is You First. For us, this means:
The interactions, offerings and attitudes of Zeguro are centered around the benefit to the individual.
Cybersecurity awareness is about protecting and benefiting the individual. As a company, we offer cybersecurity awareness training modules that ease this process for you.
Cybersecurity hygiene puts your customers and employees first by creating an overall better internet.