5 Cyber Security Awareness Month Tips for Cybersecurity Professionals



It’s Cyber Security Awareness Month, which is a great time of year for everyone to dispense security wisdom like Oprah giving away cars.

But looking back at some of the blogs I’ve written over the years, particularly around Cyber Security Awareness Month, and dare I say, some of my peers, there’s a bit of an issue -- and that is that we’re often so focussed on showcasing our cyber security knowledge that it can be easy to forget who the knowledge is intended for. 

The effect can be visualised by the following chart: 

[Chart image]

It’s important that as security professionals we use the opportunities presented by Cyber Security Awareness Month wisely, and communicate better. Below are five tips which have helped me, and may be of use to you too. 

  1. Quit blaming others: Yes, we all get it. Sometimes people make mistakes, do silly things, or ignore you altogether. It’s so easy to declare, “Lol, users!” rolling your eyes a bit, and exhaling while letting your shoulders drop in the way a parent does just before they tell their 8-year-old how disappointed they are in their exam results.
    Instead, let’s be the people who, in the face of mistakes, buy them an ice cream and make light of it. After all, is a little bit of ransomware really worth ruining friendships over? 
  2. Argue behind closed doors: Security professionals don’t always agree on things. And that’s a good thing, we need to be constantly challenging assumptions and out of date practices. I guess we are also egomaniacs who love being right and putting others down. But that’s a topic for another time.
    The point is that people who don’t work in security don’t need to be confused. So, if someone says to their colleagues, “use a password manager” don’t jump in on social media and say how bad you think the advice is, how MFA is a better option, or how l33t you are for being able to memorise 78 different unique passwords each being 16 characters long.

    Baby steps are what we need, and if we can help people be a little bit more secure today than they were yesterday, that’s great. If professionals want to disagree, or say how one method is superior to another, they can do it out of the public sight, where it doesn’t look like cybersecurity is full of infighting imbeciles.
  3. Be specific: Whenever asked a security question the reflex action is to sharply inhale before saying, “well, it depends” which is then followed by 15 minutes of incoherent rambling which includes liberal use of phrases such as, “risk”, “appetite”, “appropriate”, and “threat model”.
    I get it, I used to be a consultant in a previous life, and it’s what pays the bills. But when your colleagues, friends, or family members ask you a question, don’t beat around the bush - you’re not their consultant. Just tell them what to do, keep it specific and simple, but more importantly make it practical. 
  4. Be a storyteller: We’re not college professors or lecturers, and nobody really wants to listen to a professor (apologies to professors). So try to make your message interesting and engaging. Telling a story really helps people remember and apply messages. If you tell the family an engaging story around the dinner table about how a criminal got caught because they posted too much information about themselves on social media, it may be all that’s needed for people to evaluate their own choices and change their behaviours accordingly. 
  5. Make them cool: Making people who you directly come into contact with aware of cyber security and steps they can take is great. But do you know what’s better? Having them go on and spread the message further. So instead of just telling, show something interesting and cool. Think of a little hack as a magic trick. Show someone, amaze them, then teach them how to do it. They will be more than happy to show off their newly learnt trick to all their friends and family and be the cool one. 

We aren’t trying to make everyone a cyber security expert during Cyber Security Awareness Month, and such a goal is unachievable. What we do want is for people to make better risk decisions and know who to go to when they are in any doubt. If we can help people to be even 1% more secure during October than they were last month, then that in itself makes Cyber Security Awareness Month worth it.


Get Your Free National Cybersecurity Awareness Month Resource Kit

We saw a major shift in 2020 with many users transitioning to work remotely. That presented several new security challenges. The bad guys know this and are constantly changing tactics to exploit new vulnerabilities. We've put together these resources so you can keep your users on their toes with security top of mind. Request your kit now to help your users build their cybersecurity fortress from anywhere throughout National Cybersecurity Awareness Month and beyond.

Here's what you'll get:

  • A sample Cybersecurity Awareness Month training plan PDF containing recommended bite-sized training content to share with your users for each week of October
  • A free training module for your users: "Social Media: A Global Concern" to teach them how the bad guys are currently using social engineering as an attack vector, available in 34 languages
  • Resources to share with your users including infographics, awareness posters, and a helpful cybersecurity awareness tip sheet
  • All assets are printable and available digitally, so they can be delivered to your users no matter where they are working from 
  • Bonus: access to free resources for you including our popular on-demand webinar and whitepaper

Get Your Free Resource Kit!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ncsam-resource-kit
