Download the Resource Kit Here
Check out these Cybersecurity Awareness Month assets to spread awareness and demonstrate your organization’s commitment to security and privacy.
Table of Contents
Copy, paste, and send the following emails to your internal team and to your external client and stakeholder communities. Don’t forget to insert your company name and security team contact information where necessary and feel free to customize the copy to fit your company’s security priorities!
Suggested email for your internal team
Hi [Insert Your Company Name Here] Team,
FYI – Most security breaches occur because of human error, and education is the best way to combat common mistakes. Did you know October is Cybersecurity Awareness month? This October, we want to continue to invest in our team by providing education and insights into security best practices to help you and your fellow colleagues stay safe online.
Check out the resources below for simple steps and reminders on what you can do to stay secure at work (and in your personal life).
Beware of social engineering
Social engineering is arguably the most common technique bad actors use to gain access to an organization’s systems. The cyber attack approach specifically targets employees because they are often the most vulnerable part of a company’s defense. Threat actors will mimic trusted identities, usually with email addresses, to dupe their victims into divulging information to access restricted systems.
Some of the most common types of social engineering techniques include:
A typical phishing email uses what looks like a common sender – like a bank, telecommunications company, or other billing company, and a generic greeting to reel the victim in. The email will often prompt the victim to click a malicious link under the guise of dealing with their account, overdue payment, or other urgent requirement.
Baiting involves offering something to a user to pique their interest. Two forms usually occur; phishing and physical baiting. In phishing, baiting is usually in the form of a promise – like a prize to be won that is sent to the user’s email. “Click this link to claim your prize!”
In physical baiting, the social engineer usually leaves a USB stick behind that entices the user to plug it into their computer which leads to infecting the device with malware.
In pretexting, the social engineer usually tells a story that compels the user to act based on the exploitation of the victim’s trust or emotional connection. The social engineer will send an email that looks like it is from a trusted friend, co-worker, or organization. The email usually presents a problem to be solved or might even request a donation to a particular cause. The email will usually include a link to a portal where information can be entered to be phished from the user.
When it comes to any of these forms of social engineering, the best course of action is to proceed with caution and always think before you click a link or give any personal information. If you notice anything suspicious while working at [Insert Your Company Name Here], [Insert Your Company Security Reporting Policy here – i.e forward the suspicious email to our security team at <<email>>].
For a more in-depth look at social engineering, check this blog post.
Good Password Hygiene
Password management is essential to data privacy and security. Your passwords should be unique and random – No birthdays, dog’s names, or addresses!
That being said, creating and keeping track of all your passwords can be difficult. Here are a few tips if you’re not sure where to start:
- Don’t Use Significant Dates
- “Password” is NOT a Password
- Obvious Sequence of Numbers or Letters
- Your Website Name
- Use a Tool to Generate Your Strong Password
Check out this blog for more information on best password practices that will keep you secure but won’t make you lose your mind remembering a hundred complicated phrases.
No matter what month it is, cybersecurity is everyone’s responsibility. We’ve worked hard to embed security and privacy in the DNA of our [Insert Your Company Name Here] and hope you feel empowered to prioritize cybersecurity as a valued member of our team! If you have any questions, feel free to reach out to our security team [Insert Security Team Contact Information Here].
Happy Cybersecurity Awareness Month, everyone!
Suggested email for your customers
Hi Friends of [Insert Your Company Name Here],
October is Cybersecurity Awareness Month! In recognition of it, we would like to share with you what we’re doing to keep our team, our customers, and our community cyber-safe – this and every other month.
At [Insert Your Company Name Here], we have taken the privacy-by-design approach to collecting, storing, and destroying the data we handle. This means our infrastructure and processes are designed from the ground up with privacy in mind.
As a part of the [Insert Your Industry Here] Industry, our security and privacy policies and operations ensure that we are compliant with [Insert Relevant Laws and Regulations That You are Compliant with like GDPR, PIPEDA, HIPAA].
Our data privacy and protection policies ensure your information is secure. [Outline your privacy policies here. This can include how you minimize data collection and your processes to securely destroy data that is no longer needed.]
If you have any questions feel free to reach out to the [Insert Your Company Name Here] Team.
Learn more about Cybersecurity Awareness Month and what you can do to champion cybersecurity here.
Suggested Social Copy
Copy, paste, and post the following social copy to your communities. Don’t forget to insert your company name and details where necessary and feel free to customize the copy to fit your company’s security priorities!
October is Cybersecurity Awareness Month! At [Insert Your Company Name Here] we are committed to a security and privacy-driven culture and work hard to demonstrate that commitment every day.
Whether it’s being compliant with [Insert Regulatory and Legal Frameworks You are Compliant with Here] or ensuring our team is up to date with the latest security awareness training, you can rest assured that cybersecurity is a top priority at [Insert Your Company Name Here].
Learn more about #CybersecurityAwarenessMonth and what you can do here.
October is #CybersecurityAwarenessMonth! At [Insert Your Company Name Here] we are committed to a security & privacy-driven culture. Learn more about #CSAM here.
Want more? We’ll be releasing tips, guidance, and resources for you to leverage throughout Cybersecurity Awareness Month. Follow us on Twitter and LinkedIn to get access to all the exciting materials coming out in October!