This month is the 20th annual Cybersecurity Awareness Month, cosponsored by the Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance. This year’s theme is “Secure Our World.”
Cybersecurity awareness by all users is a critical part of effective cyber defense.
EditSign has reported that 90% of successful cyber attacks start with a phishing email. Verizon has reported that about 74% of breaches involve a human element, which includes social engineering, errors, and misuse. Users can make a big difference!
Every user from the newest hire to senior management has a role in effective cybersecurity. Training is critical. The goal should be to promote constant security awareness, by every user, every day, every time they’re using technology. Users should know how to securely use technology; be aware of current threats and how to protect against them; know what to do if there’s an incident; and understand how to get answers to questions.
Training tips should include:
- Stay focused and avoid multitasking and distractions.
- Learn how to recognize phishing.
- Think before you click or act.
- Report suspected phishing.
- If you receive a prompt for multi-factor authentication (MFA) and aren’t logging in, report it.
This Cybersecurity Awareness Month is a good time to update your training program (or to implement a program if you don’t have one). Use this month to provide a refresher to users, followed by periodic repetition.