We are headed into the final stretch of the 16th annual National Cybersecurity Awareness Month (NCSAM). The annual initiative is co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA).
As the name suggests, it’s aimed at raising awareness around cybersecurity. Those that work in the space know we’ve all become more reliant on networks and cybercrime has proliferated – and the initiative is a way to spread the word about things everyone can collectively do to improve security. But spreading the word is a big challenge, so NCSAM is designed to be a public-private partnership.
Or, in the words of the official kickoff announcement:
“…a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the nation against cyber threats.”
That got us thinking: what are some of the ways the private sector is supporting NCSAM this year? Below are a few ways we found the industry is helping to build awareness.
1) Champions of NCSAM.
A “champion” is a simple and voluntary pledge an organization can make on the official website for NCSAM – StaySafeOnline.org. The pledge asks applicants how they will participate and how many people the applying organization thinks it will reach. Afterward, the NCSA asks participants to, “please collect and report to us any metrics you collect as a result of your NCSAM initiatives.”
Here is the list of the growing ranks of companies, nonprofits, schools and other organizations that have publicly signed onto the program.
2) Full-day workshops for employees.
Tech analyst Cynthia Brumfield cites a CISA representative for her story in CSO Online describing activities by “an unnamed science and research company in Bethesda.” The CISO at that organization held an all-day workshop complete with “expert speakers to educate employees on what they need to do to protect the information and data the company is building through its research efforts.”
It’s a pretty big deal for any organization to pause work for a full day and encourage employees to attend training like this, but they weren’t alone, according to Ms. Brumfield’s reporting:
“Another big corporation, a retail giant that CISA requested remain anonymous, is holding a host of internal activities for their employees throughout the month, training and educating workers at every level, starting at headquarters all the way down to individual stores.”
3) Customer tips for safely banking online.
First Bank & Trust Company, a regional financial services company in Virginia, published a list of security tips consumers should follow in online banking. The list includes current best practices such as monitoring your accounts, being wary of emails from people you don’t know, and enabling two-factor authentication (2FA), among many others.
Notably, it also highlights a recurring issue in financial scams driven by events such as disasters:
“Con artists take advantage of people after catastrophic events by claiming to be from legitimate charitable organizations when, in fact, they are attempting to steal money or valuable personal information.”
4) Hollywood-style, micro-learning videos.
Corporate training isn’t always fun, engaging or memorable, and therefore it’s not effective. That’s the thesis behind NINJIO, which makes “Hollywood-style, micro-learning videos.” These are basically short videos with important learning points about cybersecurity. However, the company goes one step further – the lessons in the video are “ripped from the headlines,” meaning the videos are modeled after real security events.
In support of NCSAM this year, the company offered “organizations, employees, and families free access to a selection of their award-winning library of animated video content until the end of October 2019.”
The videos focus on three areas including:
- email compromise and wire fraud;
- social media engineering; and
- spear phishing.
For example, one of the videos being offered is described as follows:
“Business Email Compromise and Real Estate Wire Fraud
NINJIO Season 2, Episode 2: ‘Homeless Homebuyer’ was inspired by the many wire fraud incidents that happen every day. In this episode, NINJIO educates learners about using verbal authorizations on any transfer of funds.”
If you are wondering, the company does have some real professional entertainment cachet, as the videos are “developed and co-produced by Hollywood writer and producer Bill Haynes, best known for CSI: NY and Hawaii Five-O.”
About 50 companies, ranging from small and mid-sized businesses to mid-market enterprises, have signed up in response to the company’s contribution to NCSAM this month, said Matt G. Lindley, the CISO for NINJIO, in an email exchange with Bricata.
5) Networking and panel event.
Women in Security and Privacy (WISP) teamed up with Dropbox to organize a local San Francisco networking and panel event:
“We will be featuring three amazing lightning round speakers who will cover this year’s themes of ‘Own IT. Secure IT. Protect IT.’ Attendees will be introduced to the latest tech advances used to ramp up security for their personal lives and learn tips to bring to the office.”
This struck us as a very simple and effective way to support NCSAM and it can be easily replicated. As this post is being published, there’s still time to register and attend the event if you live or work in the Golden Gate City.
6) Free online training for non-technical personnel.
Several training-oriented organizations are offering free training and resources for the month. For example, KnowBe4 has an NCSAM resource kit and Global Knowledge has compiled videos, articles, white papers and primers into a cybersecurity awareness resource page.
Separately, Inspired eLearning has put together an impressive weekly curriculum with a variety of free resources – posters, webinars, videos and more. Here’s the outline they are offering:
- Week 1: Email Phishing
- Week 2: Alternative Phishing Methods: Vishing, SMiShing, & USB Baiting
- Week 3: Physical Social Engineering
- Week 4: Prevention, Protection and Training Best Practices
7) Free online training for your security pros.
The Infosec Institute provides a variety of online training courses aimed at security and IT professionals. Typically, the Institute offers a 7-day free trial, but it has extended that to 30 days in support of NCSAM. Access is unlimited and includes more than 400 on-demand courses the organization offers and 50 skill and certification learning paths such as the CISSP and CCSP.
Finishing Strong and Planning for Next Year
As of today, there’s a little more than a week left for NCSAM, which offers some time to get on board with the initiative for this year – if you haven’t already. Likewise, we hope this list will give you a creative jumpstart on planning for it next year.
As Forrester Principal Analyst Jinan Budge wrote in a post titled, What CISOs Need To Do To Maximize Cybersecurity Awareness Month, “Plan for it as you would for any other security project…stay on top of planning and start organizing your Cybersecurity Awareness Month campaigns well in advance.”
*** This is a Security Bloggers Network syndicated blog from Bricata authored by Bricata. Read the original post at: https://bricata.com/blog/cybersecurity-awareness-month-industry/