Why Building a Security Culture at Your Company Matters and How to Start

#BeCyberSmart! How to Make the Most of Cybersecurity Awareness Month

We know threat actors are targeting people more than ever. And research for the 2021 State of the Phish Report from Proofpoint found that 74% of organizations experienced a “successful” phishing attack in 2020. These attacks resulted in data loss, account compromise, ransomware and malware infections, and financial loss. 

image-20211012091755-1

Figure 1. Impacts of successful phishing attacks

While our report noted a small improvement in user identification of threats, much more education is needed to ensure users don’t fall prey to the ever-increasing frequency and sophistication of social engineering attacks

And there’s no better time like the present. October is Cybersecurity Awareness Month—and it’s an ideal opportunity for your organization to provide safe computing reinforcement to your users. With this reinforcement, they can improve their ability to identify, resist and report threats that can lead to breaches and data loss—and become defenders instead of targets.

How to help your users #BeCyberSmart

“The overarching theme for Cybersecurity Awareness Month 2021 is ‘Do Your Part. #BeCyberSmart.’ The theme empowers individuals and organizations to own their role in protecting their part of cyberspace. If everyone does their part—implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees—our interconnected world will be safer and more resilient for everyone ... ”

— National Cyber Security Alliance

So, how do you run an effective cybersecurity awareness program? A program that will have strong user participation and deliver a positive experience? Here are some simple best practices to follow that will help you run a program that your users will find interesting and nonintrusive:

Execute a fun, lightweight program 

Launch a program in October focused on providing short but engaging content to help your users identify and avoid common cybersecurity threats:

  • Use brief awareness videos (1 minute or less). Requiring users to invest only a short amount of time in viewing your content will help them view the overall program more positively.
  • Select contemporary, relevant topics. We recommend topics on general cybersecurity, ransomware, phishing and identity protection. 
  • Hold events. In addition to offering videos and printable materials, arrange for events during Cybersecurity Awareness Month, including vendor presentations, drawings and contests. 

Another tip for success: Refer to the guidance provided by the National Cyber Security Alliance at https://staysafeonline.org/ and incorporate relevant information into your program.

Use positive messaging to encourage participation

  • Get leadership involved. Have functional and/or geographic leaders in your organization announce their support for the program.
  • Emphasize value. Make clear that the content you’re providing will help people stay safe at work and at home. Encourage your audience to share the content with their friends and family.

And again, ensure that people understand that the time requirements for participating in the program are minimal (just a couple of minutes in their day).

Get started now with the Proofpoint Cybersecurity Awareness Month Kit

With the Cybersecurity Awareness Month Kit from Proofpoint, organizations can focus on executing their programs rather than developing content. To make it as easy as possible for you implement your cybersecurity awareness program, we’ve curated a selection of free resources and a campaign guide to help you improve your users’ recognition and reporting of social engineering and other cybersecurity threats.

image-20211012091755-2

Figure 2. Proofpoint Cybersecurity Awareness Month Kit campaign ad

We’ve set up a four-week program to help your users practice safe computing at work and at home. They can share these resources with their friends and family members, and they’re short and entertaining to keep users engaged. You can use all of the information in our program or select what works best for your needs.

Here’s an overview of our four-week program:

  • Week 1: Be Cybersmart: Launch the program and provide users with videos and other materials about cybersecurity. In the first week, we focus on data security and passwords as a foundation for cybersecurity. Also included is an overview of Cybersecurity Awareness Month from the National Cyber Security Alliance. 
  • Week 2: Fight the Phish: Engage users with informative videos and materials about a top cybersecurity threat: phishing. 
  • Week 3: Defeat Ransomware: Ransomware has reached epidemic levels; use our videos and materials to help you users spot and avoid ransomware threats.
  • Week 4: Protect Your Identity: In the final week, inform users of identity fraud with our prerecorded webinar and provide them with an informative flyer to post as a daily reminder to stay vigilant.

Attend our informative web events for Cybersecurity Awareness Month

Proofpoint is also providing three separate web broadcasts on “The Art & Science of Building a Security Culture” during Cybersecurity Awareness Month in 2021. Here are the topics and dates:

You can learn more about this live virtual event series from Proofpoint on this page

Access more resources to help improve your security posture

Ensure your users know what to do when they face a real security threat by providing them with targeted education, like Proofpoint Security Awareness Training

Also, visit this page to learn about the market-leading solutions for email security and protection from Proofpoint, and how they can help your organization defend against phishing, email fraud, ransomware and more.