Every Month Should Be Cybersecurity Awareness Month
Employees need ongoing themed training programs
– Ashley Rose, CEO at Living Security
Austin, Texas – May 21, 2021
National Cybersecurity Awareness Month: it’s the time of the year Security Awareness Program Owners (SAPOs) everywhere live and breathe for.
Each October, you gear up to push one of your strongest annual security awareness initiatives — with incredible program resources from the National Cyber Security Alliance (NCSA) and the Cybersecurity & Infrastructure Security Agency (CISA).
But while this special month is undoubtedly one of the most important times of the year for SAPOs to push awareness education, it’s not the only time your employees should care about your security. In fact, each and every month should be just as significant as National Cybersecurity Awareness Month.
Here are five ways to make every month feel like National Cybersecurity Awareness Month at work:
1. Hire & Support A Security Awareness Program Owner (SAPO).
There’s a chance that you’re already a SAPO, but if you aren’t, it’s high time you get one! A Security Awareness Program Owner is hired specifically to run your annual awareness training initiative, supporting your Chief Information Security Officer (CISO) and working with your Information Technology (IT) team to educate your company on the role each individual and team plays in your security.
That means it’s the SAPO’s job to develop and execute monthly security programs — earning buy-in from each department within your organization, not to mention measuring the success of their efforts beyond phishing tests alone (no easy feat!). They’re a pointed figurehead tasked with driving your awareness training so that the responsibility isn’t divided and considered merely a component of someone’s job.
If you yourself hold this important role, kudos. To reach your goals, it’s your responsibility to make sure you are fully empowered with the resources you need to succeed. That means not being afraid to ask for the tools and support you need to craft, push, track and improve your awareness program. Of course, this will mean convincing executive management you need it by talking to them in terms of their motivations.
2. Prepare And Run “Themed,” Focused Monthly Awareness Initiatives.
Each year during National Cybersecurity Awareness Month, NCSA and CISA cut out a lot of the hard work for us by building a monthly “theme” bundled with relevant awareness resources. For instance, 2021’s theme will be “Do Your Part. #BeCyberSmart” where they’ll be “stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity” for employees within your org, according to CISA.
They break this month down even further into weekly initiatives, all with individual lessons to support their core theme:
- October 1 and 2: Official National Cybersecurity Awareness Month Kick-off
- Week of October 5 (Week 1): If You Connect It, Protect It
- Week of October 12 (Week 2): Securing Devices at Home and Work
- Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare
- Week of October 26 (Week 4): The Future of Connected Devices
By focusing on one core theme, National Cybersecurity Awareness Month makes a big impact in only 31 days each October. This is a concept you can apply not just during National Cybersecurity Awareness Month, but every month.
Perhaps in May you focus on Phishing and develop weekly sprints with microlearning lessons to help your content stick. Or maybe this June your topic is Social Engineering and each Monday of the month you explain a different technique to your team. At the end of each year, look to the 12 months ahead — planning themed awareness initiatives, broken down into week-long lessons. Here at Living Security, we offer something called Campaign in a Box to cut down the lift.
3. Make Learning About Cybersecurity Fun And Engaging.
Let’s face it, no matter how hard you try to push your security training, some departments want nothing to do with it. While there are other cultural reasons they may be resisting, many employees find security training to be a waste of time because it’s boring, corny or not meeting them at their knowledge level.
Luckily, there are tons of ways to make your awareness training more engaging. From encouraging FUN with playful game ideas to adopting an experiential learning approach, dream up a few techniques for making your initiative more appealing.
One of our favorite tactics is the cyber escape room, which gets your team working together to solve tricky security puzzles — all while learning. Another worthy of recognition is the reinvention of the cheesy awareness training videos. Companies like ours at Living Security are scripting and shooting “Netflix-style” educational episodes, mimicking dramas and suspenseful TV series so employees feel entertained, all while gaining valuable security know-how.
4. Consistently Reward Employees For Learning.
Trust us, we know that sometimes getting your departments to complete training modules is like pulling teeth. You have the dreaded job of pushing department heads to remind their employees to keep up with the lesson plans — and before you know it, team leads aren’t opening your emails or answering your calls. Leadership is just too busy to push both their goals and yours or to bother forcing their team to do something they don’t want to do. Before you realize it, there’s a “negative” culture around security, and departments are being threatened and teams shamed into completing the training.
But instead of nagging employees to learn, you can choose a better approach: reward teams for what they’ve completed — even if it’s just the shortest education module — to shift how they perceive the training.
What if:
- Instead of “shaming,” you “praised” employees for a job well done?
- You gave verbal recognition one-on-one or in a team setting?
- You incentivized learning with a small physical prize?
- You integrated encouraging messaging continually throughout your program?
- You used a security awareness training software that integrates rewards automatically?
Give each a try by reading 5 Ways to Reward Your Team During Cybersecurity Awareness Training.
5. Work With The Right Security Awareness Training Partner.
Even the best SAPO often can’t (or shouldn’t) do it alone. Rolling out monthly initiatives means a heavy lift, not just once a year, but consistently. By working with external partners, Security Awareness Program Owners align themselves with the support and resources they need to run a successful awareness initiative — all year long.
Whether it’s a provider who offers engaging training videos or one who helps to provide valuable metrics for measuring ROI, don’t be afraid to lean on trusted outside vendors for specific parts of your program.
At Living Security, we’re proud to focus on all components of human risk management, bringing a unique approach to security training that focuses on empowering your team as your security’s greatest asset instead of its biggest weakness. From a philosophy shift to the technology to achieve and track it, we’re considered true partners of many top-notch orgs like Mastercard and more. Even if it’s not us, find yourself a genuine extension of your SAPO — and you’ll have the help you need to maintain a security program month after month.
Time For Human Risk Management
While you may know a thing or two about risk management, do you know what human risk management (HRM) is?
Your cybersecurity awareness program is just one part of a holistic human risk management initiative — and in order to actually move the needle on your security program, you need to cast a wider net.
Learn more about HRM by downloading 7 Essential Trends Of Human Risk Management for 2021.
We can help you to create a custom CSAM program for your enterprise! Reach out to us here.
– Ashley Rose is co-founder and CEO at Living Security
Sponsored by Living Security
Experience a game-changing security culture.
Living Security co-founders Ashley and Drew Rose recognized that traditional security awareness programs were failing to move the needle and it was time for a fresh approach.
Our immersive training experiences engage the enterprise using science-backed techniques to motivate behavior change and refreshed content that’s relevant for the current threat landscape.
Our science-based approach drives user engagement and reinforces positive security behaviors across the enterprise.