Tek Blog
Share Post To:
Cybersecurity Awareness tips
October is Cybersecurity Awareness Month, and I’m excited about what Microsoft and our partners in the industry have planned to help everyone stay #CyberSmart. 2022 may have offered some respite from the previous year’s rush to enable a remote and hybrid workforce, but the increased use of personal devices also left security professionals with even more endpoints to manage and secure. As illustrated by breaches like the March 2022 attack on Shields Health Care Group1 that impacted two million people and the April ransomware attack that became a national emergency for the Costa Rican government,2 we all need to be cyber defenders to protect what matters.
Technology can only do so much; it’s people who remain our greatest strength. That’s why Microsoft is taking this opportunity during Cybersecurity Awareness Month to help security professionals educate their employees on fundamentals highlighted by the National Cybersecurity Alliance, such as protecting their identities, updating their software and devices, and not falling prey to phishing schemes.3 Be sure to explore the resources and skilling opportunities in our Cybersecurity Awareness Month website, such as the #BeCyberSmart education kit with assets to help people to protect their data both at work and at home.
People have become the primary attack vector for cyber attackers around the world, so humans rather than technology now represent the greatest risk to organizations.
Security starts with awareness
In today’s boundaryless workplace, comprehensive security is essential. That kind of 360-degree protection requires education and awareness to safeguard identities, data, and devices. Awareness programs help enable security teams to effectively manage their human risk by changing how people think about cybersecurity and helping them practice secure behaviors. The SANS 2022 Security Awareness Report analyzed data from more than a thousand security professionals from around the world to identify how organizations are managing their human risk. The report found that more than 69 percent of security awareness professionals are part-time, meaning that they spend less than half their time on security awareness.
According to the SANS report, cybersecurity awareness professionals should endeavor to:
- Engage leadership by focusing on terms that resonate with them and demonstrate support for their strategic priorities. “Don’t talk about what you are doing, talk about why you are doing it.”
- Consider having a 10-to-1 ratio of technical security professionals to human-focused security professionals.
- Partner with other departments in the organization—such as communications, human resources, and business operations—to help engage and communicate with your workforce.
- Make the training simple to understand and follow. “Just like working out—it’s the frequency that’s important.” And dedicate time to collecting information about the impact of your awareness programs.
