In its most recent annual Cost of a Data Breach report, the Ponemon Institute reviewed more than 500 incidents around the world. The results were sobering: the average data breach costs an organization $4.24 million, and takes 287 days to identify and contain.
That’s why Cybersecurity Awareness Month – designated every October for the last 18 years – is an important reminder of just how critical cybersecurity awareness is at all levels of government and across every industry.
The best way to protect your organization and yourself is by being able to recognize potential cyber threats, understand their significance, and sharing that knowledge with others. The weakest link in many cybersecurity programs is people. They make mistakes, it’s bound to happen. But if you can raise your end users’ awareness about cybersecurity across all of the platforms and devices they use, it can drastically reduce the likelihood of a mistake happening. Even more important – when a mistake does happen and you have a strong cybersecurity posture, people recognize it and know how to respond.
This October, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) are emphasizing the overarching theme of “Do your part. #BeCyberSmart.” Additionally, four weekly messages, have been established for Cybersecurity Awareness Month 2021.
Knowing and sharing the cybersecurity basics is the foundation for any good awareness program. Knowledge is power, and that power should be shared. To be cyber smart you should assess your posture, implement a defense in depth strategy, ensure strong password and access management practices, patch regularly, and continually educate yourself and others in your organization.
Phishing is one of the most common ways that bad actors attack organizations, because it’s an easy and simple way to get in front of users. Fight back by implementing solutions that block phishing emails and educating users to identify those that would otherwise get through your defenses. Users who can quickly identify and report phishing emails can help tip the scales in your favor. The more people you have fighting phishing attacks, the stronger your organization’s cybersecurity posture will be. Learn more about how to prevent email compromise here.
The third week of October is Cybersecurity Career Awareness Week! The world of cybersecurity and the threat landscape is ever-changing, and that presents outstanding career opportunities for people who want to apply their skills and passion to this growing area. Week 3 is all about inspiring and promoting awareness and encouraging people to explore careers in cybersecurity by calling attention to the contributions they can make to our society and our economy in doing so.
The National Initiative for Cybersecurity Education (NICE) has put together some resources to help you learn more about career paths in cybersecurity.
Being online and connected is part of our everyday lives – from work, to shopping, to entertainment. So we also need to make sure cybersecurity is at the forefront of our minds every day. If you’re sharing information online, you should take a couple of seconds to validate that the receiver is a trusted source and is applying cyber best practices. Likewise, if you’re receiving information, you should make sure you’re doing everything possible to protect it from bad actors. Cybersecurity should be the first and last thing we consider when interacting with the digital environment.
These messages should be shared at all levels. We encourage you to take these Cybersecurity Awareness Month themes and develop short, but impactful weekly communications to everyone in your organization. Then post them on social media and other platforms to play your part in spreading the word. The more people we can encourage to be #BeCyberSmart, the more connected, informed, and protected our communities will be.
If you or your organization is interested in taking an active role in Cybersecurity Awareness Month, download CISA’s Cybersecurity Awareness Month 2021 Toolkit. It provides valuable messaging, articles, social media graphics, and other resources for promoting and modeling this important initiative. We at the MS-ISAC have developed social media templates that we encourage you to share to help promote the campaign and our goal to create an elevated level of cybersecurity posture across the United States.
These tips are brought to you in the Commonwealth of Virginia by the Virginia Information Technologies Agency in coordination with: