October is cybersecurity awareness month. I think taking this occasion to extend cybersecurity awareness outside of company offices and into the home is really important.
With so many people working remotely or in hybrid situation, there are many opportunities for a home network to get compromised and impact your corporate network. By helping employees improve the security posture of their homes, you will also demonstrate value to your organization.
Start by showing employees how they can improve the security of their internal wifi, and protect IOT devices that they have.
Help them understand what a good wifi password looks like. One of the easiest things attackers can put on a wifi network once they’ve figured out the password is a packet sniffer, which tells them what websites you go to, and what things you search for.
What’s more, the average person has 25 or more devices at home connected to their wifi without even realizing it. They’re mostly IoT devices – things like doorbell cameras, refrigerators and microwaves, phones, watches and TVs. And when your car is parked in your garage, it connects to your wifi network for software updates.
With all this vulnerability, you have to help your employees do the best possible job of securing their wifis to protect their home networks from outside harm. When you consider that most attacks are beginning to happen outside the office, it’s no small thing to make sure people are as well prepared outside of their offices as they are inside.
Another helpful thing you can do is describe some of the different types of attacks to your users. Account takeover is one that’s been talked about a lot lately. It’s a very broad term with different manifestations. But it’s a good move to explain it to your users so they know what it looks like in all its different forms.
The most common form is when someone poses as a help desk or bank or something of that sort to trick someone to divulge information they can use to access your account. The romance scam is another popular mode, where someone insinuates themselves into your confidence to “borrow” a seemingly innocuous account. But because the average person uses the same password for everything, giving someone your Netflix password usually gives them access to your bank account, too.
Awareness month is also a great time for your security teams to leverage popular tools like Canva and SharePoint to make infographics that are relevant to your business and industry. Nothing beats the infographic for providing a condensed amount of information in a visually appealing way that’s easy to absorb.
I also think that videos are a great way of improving awareness. I like to make scenario videos, and the cheesier the better – it’s part of the charm. You get people to act out different types of security scenarios, giving them an opportunity to enjoy the joke and learn at the same time.
Competitions during cybersecurity month are another fun and effective tool. It’s a way to give away prizes, extend learning, and get people engaged.
It’s absolutely key to remember that the point of all this is to educate through engagement. Cyber awareness programs offer the opportunity to engage everyday employees who would otherwise see the security department as something they don’t know, don’t understand, don’t have to worry about it, or don’t want to hear from.
Drive that level of engagement among employees during cybersecurity awareness month and beyond to show the efficacy and value of your program to your board of directors. These programs and a new focus on improved home security will demonstrate how you’re helping your organization by providing the tricks, tips and tools that employees need to secure themselves in today’s liquid workplace.