Cybercrimes are a real threat and can be extremely inconvenient if you find yourself as a victim. That’s why it is important every citizen of Ghana must put in efforts to be aware of cyber threats throughout the year. This paper discusses the need for everyone to promote cybersecurity and cybercrime awareness throughout the year, not just the month of October. The paper outlines strategies to the implementation of cybersecurity awareness programs.
We lead internet-connected, digital lives. From our desks and homes to on the go, we work, learn and play online. When we are not directly connected to the internet, the national critical infrastructure, through financial transactions, transportation systems, healthcare records, emergency response systems, personal communications and more depend on, impacts everyone.
Cyber criminals increasingly prefer to target humans to gain access into company networks and systems, instead of struggling to overcome expensive complex technical security controls put in place to stop them in their tracks. For this reason, cybersecurity standards and guideline acknowledge cybersecurity awareness and training programs for every computer and internet user. Training on how to follow basic security policy, identify suspicious emails and behavior, and report any problems they encounter or suspect significantly reduce organization’s cyber risk. Developing a strong cybersecurity culture in the workforce should be the result for any successful awareness program. Often, individuals assigned to implement cybersecurity programs (at organizational or national levels) have nothing to show off (besides October awareness campaign) due to several reasons, including lack of proper planning for impactful awareness programs. We provide tips and strategies on how to build successful cybersecurity awareness program and culture.
- Develop interacting/Hands-on Programme
Organizations must design a training programme or choose a cybersecurity trainer that uses a combination of training techniques to keep employees engaged. Interactive eLearning modules, simulated phishing campaigns, awareness messaging campaigns, micro-modules and culture assessments are all ways to establish foundational security knowledge but also reinforce that knowledge and keep your staff engaged. Training and awareness must avoid only focusing on a single form of training.
- Continuous awareness and Training
The month of October has been accepted by some people as the right time for security awareness). However, defending yourself and your organization against cybercrime is a year-round mission-not a onetime event. Clearly, there are many things you can do to raise awareness of cybersecurity awareness. To change mindsets and reduce the mistakes associated with end-user behaviors, security must become a regular pursuit. Once-a-year compliance training or October Cybersecurity awareness month simply will not be enough to raise awareness and help your employees learn how to apply best practices.
- Early Communication and Support
For any workplace culture to be successfully developed and maintained it requires support and buy-in from the leadership team and key stakeholders. It is important that people requesting cyber security awareness training communicate the training proposal or programme plans, timelines and objectives early on with their financial decision makers , teams and those stakeholders who will be integral to its success-such as department managers and tech support. Employees are ultimately one of the most important stakeholders in any awareness programme and the better they understand the reasons for and benefits of the programme, the better they will support it. It is important employees are not kept in the loop.
- Make the Awareness and Training Personal to Attendees
Cyber security awareness may not be the sexiest or most exciting of subjects so the more your employees can relate with the training to their computing practices, the more engaged and responsive they will be. Awareness and program must emphasize that good security practices should also be shared at home to help keep their families and personal lives safe online. Good cyber hygiene at home will translate to good cyber hygiene in the workplace.
- Have a Robust Reporting Process
As users of computer, smartphones and internet become more educated, aware and confident in identifying potential cybersecurity threats they see a significant increase in the volume of reporting to the security team, IT department or cybersecurity experts in their communities. This will be one of the strongest indicators that the awareness programme is being successful in truly changing behavior. Users should be encouraged and thanked every time they report incidents. Those users report cyber incidents to must make reporters feel they are truly contributing to the national security agenda. At the organizational level, cyber awareness programme developers must include incident reporting statistics in their Awareness Programme Reports to show progress and return on investment. Programme developers must ensure they share these reports with the employees themselves as well as the leadership team.
No individual, business or government entity is solely responsible for securing cyberspace. Everyone has a role in securing their part of cyberspace, including the devices and networks they use. Individual actions have a collective impact and when we use the internet safely, we make it more secure for everyone. If each of us does our part – implementing stronger security practices, raising community awareness, educating young people or training employees – together we will be a digital society safer and more resistant from attacks and more resilient if an attack occurs.
The writer is a Cybersecurity Specialist- AdvancedEvidenceDiscovery Ltd; Institute of Cybersecurity, Ghana)