How to Set Up a Cyber Security Awareness Event

The "Know-How" Guide On setting up an event during Cyber Security Awareness Month

Cyber Security Awareness Month (or NCSAM) is a global event that happens every October to highlight new threats to individuals and companies alike of the dangers that exist. Cyber security awareness programs help employees understand the threats and attack types to better protect the organization from attacks and breaches.

We personally like the term the human firewall and think the recipe to great security awareness is one part adult learning, one part human behavior change, and one part really good marketing.

Three laptops at a desk

Cybercrime is growing fast

It’s hard not to see the explosion in cybercrime in 2018. Businesses both large and small have realized that protecting the organization from internal and external factors is now a top priority. The cyber security agenda has moved squarely into the boardroom, and there is a huge gap for talent, from the C suite to infosec teams, to straight-up cyber security technical skills.

Technologies to protect us from cybercrime have matured, but it’s always a race against hackers, organized crime syndicates, and state-sponsored actors. The stats still show that the human factor is still very much in play as a vulnerability, a source of weakness. (We think it can be a source of strength, but that’s another blog post!)

Phishing emails contribute over 90% of the reasons that breaches and hackers get into a system and the other worrying stat is that 80% of many of the top breaches were caused by some sort of human error.

Humans are under cyber attack

While technology is advancing and things are getting better as our information security teams continue to protect the enterprise the human factor is still a huge challenge

Cybercrime is a huge challenge for many different reasons, therefore one piece of kit or one set of policies isn’t able to solve it. Your human threat exposure depends on many different scenarios and contexts: the controls, policies, and governance you have in place.

It depends on the culture and attitudes of your staff towards technology. It depends on how much risk they are willing to accept in their own lives, and what their digital habits are.

Many large organizations adopted the first wave of cyber awareness that came about 5 or so years ago, using e-learning courses and sending out Phishing test emails. And while some of these programs have shown short-term benefits, we haven’t made a significant dent in awareness in years.

The hackers and cybercrime experts continue to evolve their practices and what once were glaringly obvious scams are now actually relatively sophisticated and sneaky, but we are also being socially engineered, phished, and threatened more every day because humans remain a soft target.

(Videos like ours highlight how the human or in this case puppet can be the hackers fall guy!)

Cyber security awareness can save your company millions

Cyber awareness programs at many companies are still competing for space with standard risk training and governance programs in place.

We would argue that no topic today is nearly as important as cyber security awareness. These programs should be set apart, and run continually, not only during the month of October.

The impact of cybercrime on the bottom line can be enormous, and certainly, the reputational cost/ brand damage due to cyber incidents has only just started to come into public awareness. If all brands trade for limited customer trust… treating cyber security, and your human firewall as a priority is now imperative for B2B and B2C organizations.

Mo of Cybermaniacs with quotes discussing poor cyber hygiene

How do you get humans to change poor digital habits?

Humans are difficult creatures and notoriously hard to budge once habits are set. Our employees and peers have incredibly busy jobs and busy lives. Taking 40 minutes out of a day for stale and uninspired training doesn’t translate into the real risk reduction outcomes needed.

Change takes time, and building a security-aware culture takes time. If you do not start putting pieces into place this year, or now, then will your company ever be able to catch up with the increasing threat landscape in time?

Our entertaining and educational content has something for business and budget: posters, videos, training modules, infographics, memes, and more. It’s different, attention-getting, and builds awareness.
CYBER SECURITY AWARENESS MONTH PACKAGES

Set up a cyber awareness event

If you’re new to cyber security awareness and you haven’t yet started a program or any training at your company here are some things to consider as a first toe-dip into the water. Using cyber security awareness month this October is a great way to start.

If you’ve been doing it a while, here’s our fresh take on how to make cyber security awareness awesome at your company.

Make Cyber security awareness month an event!

The great thing about events is that they can focus and grab attention. Starting with an NCSAM event at your office that inspires, entertains, and educates your whole team around the impact of breach or incident would have on their current business operations is an impactful way to start a cyber awareness program.

Graphic of Cyber security awareness month discussed shared responsibility

You could run a series including:

1. A speaker session (a guest speaker presentation, panel discussion, etc.)
2. Networking sessions
3. Conferences
4. A seminar or half-day event
5. Workshops and classes
6. VIP experiences
7. Sponsorships
8. “Trade shows and expos” like a Cyber Science fair in the Lunchroom!
9. Awards and competitions
10. Festivals and parties

Think about the long tail

Look, short and sharp is great, but the forgetting curve in adults is pretty severe. It’s important to also think about How you can keep the focus on critical messages (especially about changing digital habits!) to create a more secure company?

Think about the event, or month of events, and ask yourself how you could keep the messages coming over the next few months to your teams. Can you use visual mediums? What internal communication tools do you have access to? Map this out with your event strategy to make sure you are keeping the feeling post-event alive.

Long Tail Strategies:
• Do a Survey after the Events and collect feedback
• Keep the conversation going on internal social media channels
• Reinforce messaging with visuals- both digitally (like web banners on intranets) or posters on the wall, signs in the bathrooms, get creative!
• Take videos of the event and compile them into a ‘highlight reel’ to show people who missed what they missed, and to help people remember what they learned. Funky music helps!

There are tons of free resources and programs available to help you get started on this journey, which we will detail in another post. Thinking about using as many channels as possible! Take a look at what we have going on for this year’s Cyber Security Awareness Month and see if we might be able to help you plan and execute an amazing Cyber Awareness month!