Download the Resource Kit Here
Check out these Cybersecurity Awareness Month assets to spread awareness and demonstrate your organization’s commitment to security and privacy.
Table of Contents
- Suggested Emails
- Suggested Social Copy
- Suggested Social Graphics
- How Much Should I Invest In Security? A Startup’s Checklist
Suggested Emails
Copy, paste, and send the following emails to your internal team and to your external client and stakeholder communities. Don’t forget to insert your company name and security team contact information where necessary, and feel free to customize the copy to fit your company’s security priorities!
Suggested email for your internal team
Hi [Insert Your Company Name Here] Team,
FYI – Most security breaches occur because of human error, and education is the best way to combat common mistakes. Did you know October is Cybersecurity Awareness Month? This October, we want to continue to invest in our team by providing education and insights into security best practices to help you and your colleagues stay safe online.
Check out the resources below for simple steps and reminders on what you can do to stay secure at work (and in your personal life).
Beware of social engineering
Social engineering is arguably the most common technique bad actors use to gain access to an organization’s systems. This attack approach specifically targets employees because they are often the most vulnerable part of a company’s defense. Threat actors will mimic trusted identities, usually with email addresses, to dupe their victims into divulging information that gives access to restricted systems.
Some of the most common types of social engineering techniques include:
A typical phishing email uses what looks like a common sender (like a bank, telecommunications company, or other billing company) and a generic greeting to reel the victim in. The email will often prompt the victim to click a malicious link under the guise of dealing with their account, overdue payment, or other urgent requirement.
Baiting involves offering something to a user to pique their interest. It usually takes one of two forms: phishing and physical baiting. In phishing, baiting is usually in the form of a promise, like a prize to be won, that is sent to the user’s email. “Click this link to claim your prize!”
In physical baiting, the social engineer usually leaves behind a USB stick that entices the user to plug it into their computer, which infects the device with malware.
In pretexting, the social engineer usually tells a story that compels the user to act by exploiting the victim’s trust or emotional connection. The social engineer will send an email that looks like it is from a trusted friend, co-worker, or organization. The email usually presents a problem to be solved or might even request a donation to a particular cause. The email will usually include a link to a portal where the user is asked to enter information, which is then phished.
When it comes to any of these forms of social engineering, the best course of action is to proceed with caution and always think before you click a link or give any personal information. If you notice anything suspicious while working at [Insert Your Company Name Here], [Insert Your Company Security Reporting Policy here – i.e., forward the suspicious email to our security team at <<email>>].
For a more in-depth look at social engineering, check this blog post.
Good Password Hygiene
Password management is essential to data privacy and security. Your passwords should be unique and random – no birthdays, dogs’ names, or addresses!
That being said, creating and keeping track of all your passwords can be difficult. Here are a few tips if you’re not sure where to start:
- Don’t Use Significant Dates
- “Password” is NOT a Password
- Avoid Obvious Sequences of Numbers or Letters
- Don’t Use Your Website Name
- Use a Tool to Generate Your Strong Password
For more information on best password practices that will keep you secure but won’t make you lose your mind remembering a hundred complicated phrases, check out this blog.
No matter what month it is, cybersecurity is everyone’s responsibility. We’ve worked hard to embed security and privacy in the DNA of [Insert Your Company Name Here] and hope you feel empowered to prioritize cybersecurity as a valued member of our team! If you have any questions, feel free to reach out to our security team [Insert Security Team Contact Information Here].
Happy Cybersecurity Awareness Month, everyone!
Suggested email for your customers
Hi Friends of [Insert Your Company Name Here],
October is Cybersecurity Awareness Month! In recognition of it, we would like to share with you what we’re doing to keep our team, our customers, and our community cyber safe – this and every other month.
At [Insert Your Company Name Here], we have taken the privacy-by-design approach to collecting, storing, and destroying the data we handle. This means our infrastructure and processes are designed from the ground up with privacy in mind.
As a part of the [Insert Your Industry Here] Industry, our security and privacy policies and operations ensure that we are compliant with [Insert Relevant Laws and Regulations That You are Compliant with like GDPR, PIPEDA, HIPAA].
Our data privacy and protection policies ensure your information is secure. [Outline your privacy policies here. This can include how you minimize data collection and your processes to securely destroy data that is no longer needed.]
If you have any questions, feel free to reach out to the [Insert Your Company Name Here] Team.
Learn more about Cybersecurity Awareness Month and what you can do to champion cybersecurity here.
Suggested Social Copy
Copy, paste, and post the following social copy to your communities. Don’t forget to insert your company name and details where necessary, and feel free to customize the copy to fit your company’s security priorities!
October is Cybersecurity Awareness Month! At [Insert Your Company Name Here] we are committed to a security- and privacy-driven culture and work hard to demonstrate that commitment every day.
Whether it’s being compliant with [Insert Regulatory and Legal Frameworks You are Compliant with Here] or ensuring our team is up to date with the latest security awareness training, you can rest assured that cybersecurity is a top priority at [Insert Your Company Name Here].
Learn more about #CybersecurityAwarenessMonth and what you can do to #BeCyberSmart here:
October is #CybersecurityAwarenessMonth! At [Insert Your Company Name Here] we are committed to a security & privacy driven culture. Learn more about CSAM & how you can #BeCyberSmart here:
Suggested Social Graphics
Feel free to use the following graphics to demonstrate your commitment to security and privacy!
How Much Should I Invest in Security?
A Startup Checklist
One of the most common challenges startups face when starting their security and privacy journey is deciding how much to invest in their program. While under-investing and neglecting your program has its obvious issues, over-spending on unnecessary resources, tools, and services can be just as detrimental.
The key to a cybersecurity program that not only protects and prepares your company for the current threat landscape but also acts as a business driver is to build one that meets your company’s specific security and privacy needs. No two companies are the same, so no two security programs should be either.
Knowing where to start is the hardest part – but Carbide has you covered. When deciding how much to invest in your security program, begin with the checklist of questions and considerations below.
❏ What is your company’s stage and size?
Your investment in security will grow as the size and budget of your company grow. An organization that just closed a $250,000 pre-seed round and has almost no revenue is generally not expected to spend $100,000 a year on security and privacy. In the early days, you may not spend much in terms of hard costs, but rather in the development time spent implementing good practices into your base systems and policies.
❏ How does your industry influence your customers’ expectations and requirements?
In many industries, security requirements are mandated by legislation, but customer expectations of security are also important to consider. Your clients’ expectations will generally be driven by the maturity, sophistication, and sensitivity of the information your company collects.
Be sure to identify and understand what legal and industry-specific security requirements you’ll need to meet to be compliant and ready to meet your clients’ security expectations.
❏ Where are your customers located?
The security and privacy requirements you must comply with will vary depending on where your customers are located. Make sure you know about the international, federal, state, and local regulations that apply to you.
❏ Will you be dealing with customer data? What kind of data will you be handling?
The nature of the data you handle will determine both the legal and regulatory requirements you must fulfill as well as the expectations your customers may have of what you do with their data. Make sure you understand both and what processes you’ll need to implement into your operations to ensure you remain compliant.
❏ Do you understand your risk profile?
This is one of the most important factors in determining your security efforts and investment. Your risk profile is established by conducting a risk assessment and developing a summary of the threats to your business and the potential quantitative and qualitative impacts of those threats to the company.
Conduct periodic risk assessments as your company evolves from concept to growth stage, and as you pivot, launch new products and services, or enter into new markets.
Looking for more support with developing a security and privacy budget? Connect with the Carbide Team to learn more about how we can help optimize your program and ensure you’re getting the most from your security investment.
Want more? We’ll be releasing tips, guidance, and resources for you to leverage throughout Cybersecurity Awareness Month. Follow us on Twitter and LinkedIn to get access to all the exciting materials coming out in October!