Why is Cyber Security Awareness Month still relevant?
By Sam McLeish, Account Coordinator
As specialists in Tech PR, we work alongside many IT companies that monitor large data systems, comply with national and international privacy laws and manage the digital landscape for large numbers of people. Safe to say that this can become incredibly overwhelming, so it’s easy to forget about the risk that cyber criminals can pose. This is where Cyber Security Awareness Month comes in!
What is Cyber Security Awareness Month?
Cyber Security Awareness Month (CSAM) has become an established date in most businesses’ calendars, especially since the holiday has taught good online hygiene skills for over 19 years now. In that time, the proportion of UK businesses that are identifying cyber attacks each year is steadily reducing (39% down from 46% in 2017), but is that due to better technology detecting issues, or from the advancement and complexities of modern cyber attacks? Either way, businesses must always remain prepared for the next attack, and here’s what we at Touchdown have learned this month.
Phishing has us hooked
One of the most common methods that cybercriminals will use to infiltrate business systems is through Phishing. Despite being around since the early 90s, 41% of cyber security incidents start by gaining access through phishing attacks, in which emails with ulterior motives gather sensitive data and are sent en masse to unsuspecting businesses. However, with a little patience, fraudulent emails can be quite easy to spot, and simply not clicking a compromised link can help to keep a business incredibly secure. The CSAM’s European counterparts recommend to;
- Check the spelling – does the sentence fit with what you’d expect the “source” to say?
- Where do links lead? – hyperlinks included within fraudulent emails, once clicked, can download malware onto your machine. Only click links if you’re completely sure where they’re coming from.
- Trust your gut – if it feels wrong, if an offer feels too good to be true, it most likely is.
Above all, there are ways to take the burden off your employees completely. Of course, staff should always be trained to spot the key signs of phishing scams, but if everyone in your organisation is clicking ‘report phish’ on suspect emails in their inbox, automated systems can help to flag future threats and send them straight to spam before they can even be opened! We will never be able to get rid of the risk associated with phishing scams completely, but basic knowledge and technological advancements can help significantly.
But isn’t cyber security boring?
We’ve all been in meetings that seem to have no end, and nothing instils fear in your teams’ hearts more than ‘mandatory training’. Yet, as the role that everyday employees play in keeping the business cyber secure is so vital, incentivising the team to compete and report the most phishing attempts can make the whole experience much more fun!
There’s also no harm in condensing content and focusing on the employee experience – there’s no point in drowning colleagues in tech speak, but by delivering the key points and keeping the session interactive, you’re much more likely to ensure that mandatory training is much less stressful and even more exciting!
Do we even need CSAM?
You might be wondering, ‘well, I know all this. Why do we waste our breath talking about Cyber Security?”. In fairness, the workforce has become the most computer-literate in history, and the COVID-19 pandemic forced even technophobes to learn technologies that kept us all connected, even when we were forced apart.
However, Cyber security needs to be addressed every single day, not just when it’s forced to the front of your mind in October. If you’re prepared to do the day-to-day legwork, CSAM helps to keep us coming together annually with the most pressing concerns of the day, and it’s a great reminder to keep your systems and staff on the ball. If this is a routine you can get behind, then your business will have the best chance at staying cyber secure going forward.