October has been a busy month here at Cygenta HQ, not least due to many of our clients wholeheartedly embracing Cybersecurity Awareness Month (CSAM). This month, we have delivered face-to-face awareness-raising activities in five different countries for 12 clients, mainly global businesses in sectors that span financial services, legal and fashion. Many organisations were pushing CSAM more than ever this year, with more budget and more senior-level drive to capitalise on this opportunity to shine a brighter light on the importance of cybersecurity. With this in mind, I wanted to share five thoughts about cybersecurity awareness-raising now that we've reached the end of CSAM.
- Some clients started planning their activities this time last year; others started a few months ago. The sooner you can start, the less stressful it will be for you. A couple of clients got in touch very close to October and we just didn't have the capacity to support them at that late-stage (speaking of capacity... watch this space for news).
- While CSAM is a fantastic opportunity, awareness-raising is a marathon, not a sprint. We're delivering some exciting awareness-raising activities with clients in November, December, January and beyond. CSAM is a great opportunity to bring a special focus to cybersecurity - to go big - but it works best when it's one part of a wider picture.
- Try to avoid the trap of awareness-raising for the sake of it. Instead, consider the culture that you want to promote, and the positive behaviours that you hope to influence. Then plan your awareness-raising activities based on those intended outcomes.
- Move away from the negative and towards the positive. People don't generally engage with negative messages, so informative, inspiring and empowering cybersecurity communications are going to have a much better impact than a fear-mongering PowerPoint with a list of what not to do.
- Cyberinsecurity can seem intangible and far-removed from many people's lives or internet use. Telling people why cybersecurity matters is one thing, but showing them is way more impactful, which is why we incorporate so many live hacking demonstrations in our awareness-raising. Of course, the demos have to be 'translated' so that you don't lose people in technical jargon. They also have to be handled with a careful consideration of the psychology of fear and how to talk about something scary without invoking unintended negative side-effects.
Hopefully this quick post has given you some ideas about your awareness-raising endeavours. If you'd like to find out more about what we deliver to assess organisational cybersecurity culture, how we positively impact cybersecurity practices in the staff of our clients and what we deliver to raise awareness of this subject that we are so passionate about - get in touch (firstname.lastname@example.org).