Cybersecurity Awareness Month to-do list
This month marks the 20th annual Cybersecurity Awareness Month, a collaboration between government and industry to highlight the importance of cybersecurity. The past two decades have brought about rapid change.
“It’s hard to believe that Cybersecurity Awareness Month has been going on for 20 years. If you think back 20 years…Facebook wasn’t around, YouTube was still years away, the first iPhone was still four years away,” reminisces Norman Adkins, a cybersecurity specialist based in Jacksonville, Florida.
These and other innovations have introduced new attack vectors, new platforms for data to be stolen from, and brought new people into the ecosystem. “Cybersecurity was in its infancy two decades ago. 100 years from now, we’ll probably look back and say that in 2023, we were still in cybersecurity infancy. But compared to 2023, 2003 was essentially the Stone Age of cybersecurity,” Adkins says.
Each year, Cybersecurity Awareness Month has a new theme. This year, it is “Secure Our World.”
The Cybersecurity and Infrastructure Security Agency (CISA) has declared four key behaviors to reflect the theme of Secure Our World:
- Use Strong Passwords and a Password Manager
- Turn on Multifactor Authentication (MFA)
- Recognize and Report Phishing
- Update Your Software
Secure our world
According to CISA:
Secure Our World’s mission is promoting behavioral change across the nation, with a particular focus on how individuals, families, and small to medium-sized businesses can Secure Our World. Secure Our World is this year’s Cybersecurity Awareness Month theme and will remain the enduring theme for future Awareness Month campaigns.
“Secure our World is promoting the basics, but basics are important. Ask any professional sports team what is most important, and it’s not the rare triple play, half-court shot, or the Hail Mary; it’s the fundamentals, the basics. If a team masters the basics, they’re going to win, and that is how cybersecurity is,” explains Adkins.
MSPs have a role to play in Cybersecurity Awareness Month
MSPs are playing an increasingly important role in filling cybersecurity gaps. “When it comes to reinforcing basics and making sure people are taking these fundamental cybersecurity steps, MSPs have a crucial role to play,” Adkins advises.
He recommends that MSPs use the month to provide their customers with a refresher on the importance of basic cyber hygiene. “MSPs have the platform and the people to ensure the message gets through,” Adkins says, adding, “There is a two-part formula for making the month most effective.
Awareness leads to action
“There are two tracks that MSPs should operate on for this important month: one is simply the awareness aspect; after all, it is cybersecurity awareness month,” Adkins explains. “But the other is proactive, MSPs should also do something tangible.”
Let’s unpack the awareness part first. “MSPs should be using the month as a megaphone, and the more creative and fun you can make it, the more effective you will be,” he says.
- Sharing social media posts promoting cyber awareness; they could be fun memes or humorous posts to tackle serious topics.
- MSPs and their clients can partner to offer prizes or rewards for those who display the best cyber hygiene habits in October.
- Hold an event like a seminar or a workshop to engage people in a fun way. “Put a stack of money on a table and ask people to devise creative ideas on securing it. And then use that to start a conversation about applying similar strategies in cybersecurity,” Adkins suggests.
- Offer a reward to those who develop the best cybersecurity idea that can be implemented company wide.
- Implement pen testing to see who gets “caught.” “Pen tests can sometimes be seen as a sneaky way to see who is following protocol and then disciplining those who don’t follow best practices, but it doesn’t have to be that way. It can be presented to employees as a fun challenge.”
Adkins says that October’s cybersecurity awareness theme can also be a time for MSPs and their clients to practice some basics. “Fire departments urge people to check their smoke detector batteries at the time change; that’s an important, tangible step people can take with the time change. Well, with Cybersecurity Awareness Month, you also want to do something actionable,” he recommends.
Tasks could include:
- Annual cybersecurity audits
- Disposing of outdated computer equipment according to best practices.
“By doing something tangible during cybersecurity awareness month, you are sending the message to clients and their employees that the occasion is more than just talk and awareness-raising; there’s action some action to put behind it,” Adkins concludes.
Here is a list of resources that can help you get the most out of this month:
Photo: Sasin Paraksa / Shutterstock