National Cybersecurity Awareness Month (NCAM) got off to a bit of a bumpy start, with three major data breaches announced shortly after the event’s October 1 start date.
Of course, those breaches happened before October, so there is hope that NCAM will make an impact and both companies and consumers will begin to take cybersecurity more seriously. For that to happen, however, security leaders need to promote NCAM within their organizations and get employees to buy in on the idea of better security practices. Here’s how three security officers are approaching NCAM and what they hope their efforts will achieve.
Zuora is a billing platform for subscription services like Netflix, and this is the first year the company will be participating in NCAM. Security awareness is critical for the company and, according to Pritesh Parekh, chief information and security officer, NCAM is the perfect starting point to further ingrain security into the culture of the company.
“It is important that our employees are safe and secure not only at work, but also in their personal online lives,” said Parekh. “Our primary goal is to embed security awareness and best practices in our workforce as they go about their day to day activities.”
Parekh turned to NCAM for the resources he needed to develop the direction of security awareness initiatives. The major activities that are planned include:
- Lunch meetings inviting employees to discuss the current threats we are seeing and how they can be mitigated. This will also include Q & A sessions to address security awareness questions employees may have.
- Security awareness posters distributed around the company.
- Emails providing information on current and emerging threats and how users can protect themselves.
- The creation of a Security Awareness channel in the employee chatting tool, which will provide everyone direct access to security team members to address questions and concerns in real time. Information on latest threats, protection and security best practices will be shared.
“Our goal is not to do this for just the Cybersecurity Awareness Month and move on—we see this is as the beginning of a sustained awareness campaign that will reach all levels at Zuora,” he said.
CDK Global, which provides technology solutions to a wide variety of vehicle dealers, is a repeat participant in NCAM. Last year, Jim Foote, chief business security officer, and company leaders used NCAM as an opportunity to meet with more than 1,000 CDK Global employees worldwide to discuss how to better secure their homes, personal computers and networks, and their families, in particular their kids, from cyber criminals. The company also reached out to communities, particularly high school students and parent organizations, to discuss on how to prevent common mistakes that can leave you vulnerable to criminals.
“Our companies are made up of individuals, and if we can help them be more secure in their personal lives, with their families, they bring those skills back to the office to help make the company more secure,” Foote said. “It benefits our associates, our communities, our company and our clients.”
So how does CDK Global improve on last year’s efforts? According to Foote, the company plans to put an emphasis on the Internet of Things and the security concerns surrounding all these new devices and technologies.
“This year, CDK Global is putting more resources into raising the security awareness in the automotive industry through our SecurityFirst campaign. As a technology provider, it’s critical for us to raise awareness and build security protocols into everything we do,” Foote stated.
To follow through on that goal, CDK Global is rolling out a free comprehensive security and awareness training program for auto dealers made up of short 8-10 minute videos on topics such as how to identify malware and phishing attacks.
“More than 90 percent of all data breaches, regardless of industry, start with a phishing attack,” Foote pointed out. “With that statistic as a backdrop, we’re putting people at the center of our company’s investment. We’re working with Wombat Security, a leading security training company, to offer the same malware and phishing training to every CDK customer worldwide for free.”
In addition, the company will provide tips for dealers and consumers throughout the month on its social media accounts, author blogs, speak at the JD Power Automotive conference on connected car cybersecurity, and participate in the Department of Homeland Security’s Twitter chat in a few weeks.
“Our company and culture are changing and we’re seeing our employees embracing security. I really think they see how every individual plays an important role in acting as a human firewall,” Foote said.
Baylor University is a long-time participant in NCAM. In fact, cybersecurity is so important, Jon Allen, assistant vice president & chief information security officer, said that October is “just the time where we can go over and above our normal participation in that space.” The school has a branded security awareness program that goes year round, but ramps up efforts in October with its “BearAware” program.
“We have giveaways, provide people with the latest cybersecurity updates and conduct training sessions. We have speakers on campus and we try to make sure those sessions are applicable to attendees both professionally and personally,” said Allen. “We’ve found that if people have heightened information security awareness personally, it automatically translates into the workplace.”
The BearAware program brings immediate recognition to the efforts toward better cybersecurity, although Allen did say that the campus community is more aware of security issues than ever, thanks to the number of high-profile breaches recently. Last year, Allen took advantage of NCAM to introduce two-factor authentication to the campus. “With that program, people are becoming more receptive of that particular technology because they realize that passwords are broken. That was something that four or five years ago we would’ve gotten a lot of resistance on, and this past year it wasn’t nearly that big of an issue,” he said.
“That’s where having these events during the month, and having new policies or products launch during the month, people aren’t questioning it as much as they were four years ago – they understand the why.”
Security should be looked at as a journey, not an event. Yet, every journey needs a first step, and for these organizations, NCAM is just the beginning.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba