It’s about to be October, so you know what that means: Cybersecurity Awareness Month! Who can forget dressing up like a CISO as a kid and going door to door, asking grown-ups for compliance and candy bars? In any case, here are some tips for you to celebrate this unique and awesome month.
For those of us old enough to remember the ubiquitous adorable posters that adorned our grade school classroom walls, why not do the same at the office? It’s a fun and easy way to remind people just how important cybersecurity is while also injecting a sense of camaraderie and fun into the workday. Our personal favourite is this ‘Keep Calm and Change Your Password’ poster.
After-work activities are a great way to build team morale, and movie nights are a great way to bond. We suggest the cornball ‘90s throwback The Net starring Sandra Bullock, or if you’re looking for something a little bit more highbrow, try 1995’s Hackers or 1999’s The Matrix — both of which show an inordinate amount of hurried typing and people saying “I’m in” out loud when they get into a network. My personal favourite is 1982’s Tron starring a young Jeff Bridges, which might not be directly about hacking, but does (in its own special way) show just what havoc a bad program can create.
Cybersecurity is, of course, a very big deal, as getting it wrong is an easy way for a company to lose millions of dollars, dozens of jobs, and a lot of credibility with the public. Having said that, you’re likely to lose the patience of your employees if you constantly talk about it from a ‘doom and gloom’ viewpoint. Cybersecurity Awareness Month is a good opportunity to treat this very important subject with a more lighthearted approach. At risk of misquoting Mary Poppins, “a spoonful of sugar helps the medicine go down” holds true even when talking about cybersecurity, phishing, and other malicious actor practices.
Did you know Hoxhunt has a ‘Spicy’ 🌶 mode that can simulate emails coming from just about anyone in your company? If you’ve ever wanted to give (for example) the marketing team a scare, try phishing them with a simulated email from the COO asking them “who hacked our Twitter account?” with a (fake, of course) link to a (not real) Twitter post. If you click on the link, you fail the test. This is because hurry, anxiety, and fear often lead employees to reckless cybersecurity behaviour, so be sure to show them that being skeptical and patient can pay off in the long run.
As we mentioned before, Cybersecurity Awareness Month and Halloween falling in the same month gives you an excellent opportunity to celebrate two events at once. Let’s face it: there’s nothing spookier than cybersecurity. It’s an entire industry devoted to people pretending to be others, with plenty of tricks and very few treats. Luckily for us, Cybersecurity Awareness Month happens to fall in October each year so we can double up on two fun themes at once.
Statistically, if you tell someone a series of facts and figures they’ll forget half of what you said after about an hour. But a story, a narrative? That can last a lot longer. That’s because our brains are hard-wired to remember stories and narratives — or, to be more specific, general ideas — better than individual facts and figures. Bringing a great storyteller such as a guest speaker into your organisation to talk about cybersecurity issues is a great way to create a more memorable experience for your employees than sitting them down and fire-hosing them with information. A well-told and true story about a phishing attack will stay in the minds of folks far longer than just attending a seminar.
What better way to celebrate Cybersecurity Awareness Month than by simply (and ceremoniously) changing your passwords? A 2018 study by PCMag showed that 35% of people surveyed never change their passwords. This is the cybersecurity equivalent of never bathing and expecting to land a date with Beyoncé. It’s recommended to change your passwords at least once every 90 days, and every 2-4 weeks if you work in the cybersecurity industry.