Introducing new software into a business can send employee productivity soaring. But as a company’s technology footprint expands, its attack surface does, too.
And every department, from IT to finance to human resources, plays an integral role in enhancing cybersecurity in the workplace.
Held every October by the Department of Homeland Security, National Cybersecurity Awareness Month (NCSAM) raises awareness about the importance of cybersecurity and encourages businesses to increase safety and security online.
Interested to find out what you can do to participate in Cybersecurity Awareness Month and encourage your employees to adopt better cybersecurity habits? Keep reading to find out.
What Is Cybersecurity Awareness Month?
National Cybersecurity Awareness Month launched in 2004 as a collaborative effort between the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA). NCSAM is a successful public-private partnership that brings the importance of IT to the forefront of everyone’s mind.
NCSAM is meant to help both businesses and consumers become more secure online. Every year highlights a central theme to help consumers adopt healthy online habits.
Early NCSAM initiatives focused on educating users about updating antivirus software at least twice a year. Between 2009 and 2018, the theme of the event centered around “Our Shared Responsibility” to highlight how businesses and the general public can secure their digital assets.
In 2011, NCSA and the DHS began adding weekly themes throughout October to outline clear cybersecurity initiatives businesses could adopt in their training curriculums.
This year, Cybersecurity Awareness Month has a new central theme: Own IT. Secure IT. Protect IT.
Own IT. Secure IT. Protect IT.
The NCSAM theme for 2019 is “Own IT. Secure IT. Protect IT.” It encourages technology users to hold themselves accountable to digital privacy, security best practices and cyber threats in the workplace and on personal devices.
Here's a breakdown of the theme:
"OWN IT” is about understanding your digital profile at home, school, work and on the go. Today’s need for constant communication means that there are potential cybersecurity threats around every corner. You need basic knowledge of the devices and applications you use each day to help take ownership and keep your data safe.
Knowing the devices and applications that make up your digital profile is the first step. Understanding the security features available to you is the second. Cybercriminals are continuously finding new methods to steal personal information from unsuspecting users.
Everyone in your company should review the security tools on the equipment and software they use daily. Adding a layer of security, such as multi-factor authentication, is a must-have for protecting company and customer data.
Once you’ve added new layers of security, your long-term goal is to maintain a secure digital profile. Check your privacy settings every few months, update your passwords regularly and keep your profile clean so cybercriminals can’t exploit it.
7 Tips to Take Away From Cybersecurity Awareness Month
Spreading the theme of Cybersecurity Awareness Month to your employees is a great way to refresh users on the importance of security and get people excited to participate.
To get your company involved in NCSAM, here are seven tips related to this year’s theme. Share them with your team or incorporate them into your training curriculum:
1. Mix Up Your Password Protocol
The National Institute for Standards and Technology (NIST) recommends using the longest password permissible. Talk to your employees about generating unique passwords for each of their accounts. That way, even if a cybercriminal gets ahold of one password, they cannot access every account.
2. Increase Your Login Protection
Once users have strong passwords in place, they also need to increase their login protection. Having a single layer of login protection places your employee devices at a high risk of being hacked.
Multi-factor authentication (MFA) helps guarantee that the only people getting into company accounts are account owners. You can set up MFA for email, banking accounts, social media and any other service that requires users to log in.
You can enable MFA by using a trusted mobile device, an authenticator app or a dongle that hooks onto a key ring.
3. Update Your Devices Regularly
Just because your passwords are protected, that doesn’t mean your devices are. The best defense against malware and viruses is keeping your security software, web browsers and operating systems up to date.
No matter what type of device your employees are using — whether you require them to use a company computer and cell phone or allow personal devices — it’s up to you to ensure all devices connected to the network are protected.
Every device should include antivirus software. Sign up for automatic updates (if available) to cut down on manual update time and reduce the risk of a forgetful employee.
4. Think Twice Before Sharing Personal Information
Sharing any kind of personal or company information online can pose a risk to your business.
Talk to employees about the types of information they post on social media, such as personal addresses, client information and spaces they like to work outside of the office. When performing a cybersecurity sweep on company devices, disable any location services so no one can see where your business users are at any given time.
All of these seemingly random details can help a cybercriminal target your employees, your company and your clients. All personal data, including social security numbers, passwords, account numbers, birthdays and even vacation plans, can be used against you.
5. Outsmart Cybercriminals
Cybercriminals frequently try to trick users by sending emails that appear to come from a familiar contact or company.
Train your team members to look carefully at the email address of any incoming email they don’t recognize. If an email comes from an unfamiliar email address (even if the details seem accurate), employees should contact your IT team as soon as possible. Teach them to never click any links or attachments in a suspicious email.
Employees should also be familiar with the “junk” and “block” options in their email inbox to prevent future emails from that sender.
6. Stay Protected While Connecting to Wireless Networks
Public WiFi networks are notorious for being unsecure. When employees access company programs from a remote location, they should always confirm the name of the network and login steps with the appropriate staff to ensure it’s legitimate.
Logging into an unsecured public access point leaves users vulnerable to anyone else connected to that network. If users have to connect to one, make sure they don’t log into any sensitive sites (such as a customer database, HR portal or banking site).
The best way to keep employees secure while traveling is to provide them with a personal hotspot or offer reimbursement for the use of their personal one.
7. Monitor Your Apps
Lastly, every employee should complete an audit of their mobile applications. Users’ mobile devices could be filled with suspicious apps running in the background or apps using default permissions that were never knowingly approved. As a result, those apps could be gathering personal information — and company data — and putting your organization and customers at risk.
Talk to your team members about checking app permissions on personal devices, and review old apps that might exist on company-owned assets. Delete anything they no longer need or use, and remind employees to only download apps from trusted vendors and sources.
Upgrade Your Team’s Cybersecurity Skills With New Horizons
Cybersecurity Awareness Month may only take place once a year, but its principles are relevant to individuals and businesses every single day.
Is it time to upgrade your team’s cybersecurity skills? Everyone in your company, from your IT department to end-users, can benefit from a refresher course on how to keep themselves (and their employer) safe online.
New Horizons, the world’s largest IT training company, can help. Talk to one of our trainers and check out our cybersecurity courses to find the perfect course today.