
Communications Tips to Ensure Your Cybersecurity Awareness Month Training and Education Program is Making a Difference

October 9, 2024

When the calendars turn to October, most people in the U.S. start to think about Halloween. Many of us in the cybersecurity space, however, think of Cybersecurity Awareness Month! Though it has become a veritable “all you can eat buffet” of cybersecurity content, the U.S. government established Cybersecurity Awareness Month in 2004 as a collaborative effort between government and industry designed to ensure every American has the resources they need to stay safer and more secure online. As communicators, we can, and should, play a critical role in improving the overall security of our organizations by mitigating one of the most significant risks to any network – its users.

The need for education has never been greater. Consumer Reports found that almost 46% of American adults say they’ve encountered an online scam or cyber attack. Last year alone there were over 2.6 billion personal records compromised, and trends point to this year being even worse, with the number of compromises increasing by 14% already in the first half of the year. Nearly two-thirds of all incidents that result in those compromised personal records are caused by human error, so doing what we can to reduce the risk around one of the most common causes of data breaches is imperative.

According to the data, education and training are having a tangible and positive impact on reducing the risk of data breaches. Studies show that the reporting rate of phishing has dramatically increased over the past few years, with 20% of users reporting phishing emails in exercises studied in 2023 compared to 5% in 2016. A separate study found that 80% of U.S. adults have signed up for some form of two-factor authentication, up from 76% the year prior, partially due to greater awareness of how they can combat common threats to their data. Making more users aware of the threats and what to do if they encounter suspicious activity equals safer networks and more secure data for everyone.

Cybersecurity threats have undoubtedly become more mainstream over the years, with more people broadly aware of what they should be looking out for, but effective education and training clearly play an important role as well – and there is no better time than Cybersecurity Awareness Month to focus on it. As they say – knowing you need something is only half the battle. Making sure what you’re doing to meet that need is impactful is the next step, a fact that was illustrated in a recent study that found that while over 80% of people felt staying secure online was important, only 60% felt it was worth the effort.

Key considerations for communicators when planning cybersecurity training and education:

  • Campaigns should be multi-disciplinary and coordinated between communications, legal, technical and other key organizational security stakeholders.
  • Training shouldn’t stop and start with an annual, mandatory session but instead should be reinforced and supported over time with incremental reminders and coaching.
  • Learning through failure can sometimes be the best teacher, whether that’s through test phishing emails or other tactics.
  • It’s important to strike the right balance between planning and executing a challenging exercise that helps participants learn, and designing an exercise that is overly punitive and ultimately frustrates participants.
  • Quality, engaging content that presents the most current and relevant information to users about the threats they should be on alert for is the foundation of any cybersecurity-focused training and education campaign.

An effective employee education and training program won’t reduce your cybersecurity risk to zero, but it’s absolutely essential to mitigating that risk given the growing and ever-evolving threats users face today.