Another National Cybersecurity Awareness Month (NCSAM) is upon us, and the theme for 2020 is “Do Your Part. #BeCyberSmart.”
This blog has three parts:
- History of NCSAM
- Examples of Action Being Taken By Leading Organizations in 2020
- Recommendations For Companies To Consider As They Prepare for NCSAM
History of NCSAM
National Cybersecurity Awareness Month (NCASM) began as a collaboration between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004 “as a broad effort to help all Americans stay safer and more secure online”. Achieving success with reaching both public and private sector organizations, as well as everyday users, about the need for cybersecurity, NCSAM has been observed every October since 2004.
Since NCSAM began, multiple presidents have strongly supported it including issuing presidential proclamations. In 2010, President Obama’s presidential proclamation also introduced “Stop. Think. Connect” as the national cybersecurity education and awareness message, a part of a national cybersecurity campaign that endures until today.
Over the years, federal government officials have participated in activities across the United States. For example, in October 2011, Secretary Janet Napolitano offered these remarks at the Michigan Cyber Security Summit / National Cyber Security Awareness Month Kick-Off Event. That year, the emphasis from DHS included:
- The urgent need to develop and enhance cyber education programs to train tomorrow's cyber workforce. We need our nation's best and brightest working to address evolving cyber threats, and that requires strong education programs as well as a pipeline to employment in cyber-related fields.
- National and local efforts to prevent identity theft and other cyber crimes.
- Focus on strategies that small- and medium-sized business owners can use to bolster their own cybersecurity defenses.
- Reminding all Americans about the importance of taking collective action to protect these systems from accidental or deliberate attacks and disruptions.
Between 2009 and 2018, the NCSAM theme was “Our Shared Responsibility”. In 2019, the NCSAM theme was changed to “Own IT. Secure IT. Protect IT.” Then again in 2020, the theme changed, this time to “Do Your Part. #BeCyberSmart.”, which emphasizes that everyone, whether an individual or an organization, needs to do their part in protecting cyberspace.
The annual security awareness effort has grown into a world-wide initiative every October with numerous countries and both public and private sector organizations participating. You can learn about the history of NCSAM and about available resources at the staysafeonline.org website.
Examples of Action Being Taken Today By Leading Organizations for NCSAM
The Cybersecurity & Infrastructure Security Agency (CISA) and the NCSA announced this year’s Cybersecurity Awareness Month theme as “Do Your Part. #BeCyberSmart.” According to CISA, “This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity. “NCSAM emphasizes “If You Connect It, Protect It.” Throughout October, CISA and NCSA will focus on the following areas in our promotions and outreach:”
- October 1 and 2: Official NCSAM Kick-off
- Week of October 5 (Week 1): If You Connect It, Protect It
- Week of October 12 (Week 2): Securing Devices at Home and Work
- Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare
- Week of October 26 (Week 4): The Future of Connected Devices
Organizations can use NCSAM’s hashtag #BeCyberSmart to promote their involvement in the National Cyber Security Awareness Month and in raising cybersecurity awareness in general.
Educational institutions across the county have created programs in support of NCSAM. For example, Princeton University is all-in regarding NCSAM. In a similar way, the FBI made it a top website topic.
A great example of how enterprises can use NCASM to increase employee awareness is Lear Corporation, which offers global activities to get their employees involved and even passionate about security protections. Lear has won several awards for their enterprise security awareness training programs, and their efforts are chronicled is this interview from January 2019.
Lear hosts regular events that are livestreamed around the world during NCSAM. Their events are beyond impressive and included a mix of global presentations, awareness materials and world-class cyber leaders engaging in important discussions on a range of topics. The live participants are at Lear headquarters, but Lear staff watch the event from as far away as South Africa. The topics discussed range from the worldwide cyber-talent shortage to recent data breaches and ransomware attacks at various global organizations to the best ways to enhance an enterprise security culture. Audience questions are always encouraged. But Lear doesn’t stop there, to ensure employee security year-round, Lear releases monthly security awareness training lessons from Security Mentor, each focusing on a different security awareness topic in a bite-sized chunk that is both sticky and fun.
Recommendations For Organizations To Consider As They Prepare for NCSAM
Whether a public or private sector organization, there are many steps you can take to engage staff, your clients and the public during NCSAM. Many Information Sharing and Analysis Centers (ISACs) offer free toolkits, like this Toolkit from the MS-ISAC.
Other organizations offer legal advice and answers to frequently asked questions, such as this National Law Review resource from last year.
Many organizations provide newsletters, tips for home PCs, security advice and other helpful information. This Staysafeonline.org example from 2017 is still a great example to use in 2020.
Most of all, take a hard look at the security awareness training you are offering staff. Is it engaging? Is it helpful? Are you teaching staff and contractors thing they do not already know? Does it engage your staff to be secure throughout the year? If not, Security Mentor is here to help, we offer a range of options and solutions to enable your staff to make a difference and stay secure.