Pools are closed, schools are back in session and it’s officially National Cybersecurity Awareness Month (NCSAM). Telos is proud to celebrate the 20th anniversary of the program by reflecting on its impact on both consumers and cybersecurity professionals over the years.
Consumer roots with commercial potential
Launched in 2004 by the National Cybersecurity Alliance (NCA) and the U.S. Department of Homeland Security (DHS), NCSAM was created as a collaboration between government and private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime.
In its infancy, NCSAM was a broad effort to help all Americans stay safer and more secure online. As such, the program catered primarily to everyday consumers, promoting basic cybersecurity tips like updating antivirus software and strengthening weak/overused passwords. Over the past 20 years, however, the program’s reach and participation have skyrocketed as consumers and businesses alike continue to grapple with the security challenges that come with digital transformation.
Just last year, partner engagement for NCSAM increased 90% as more than 6,200 organizations signed up to become Champions. From Bank of America to the Department of Justice (DOJ), Salesforce to GitHub, organizations across all industries got involved in promoting crucial security tips that apply to everyone – consumers and businesses.
Present security priorities, future impact
This year, NCSAM is focused on how far security education and awareness have come throughout the past two decades and where they need to go in order to create a secure, interconnected world. The program emphasizes four key behaviors throughout the month:
- Enabling multi-factor authentication (MFA)
- Using strong passwords and a password manager
- Updating software
- Recognizing and reporting phishing
While these steps may seem like basic cyber hygiene, they’re nothing shy of essential for both consumers and cybersecurity professionals. As NCSAM continues to grow, the cybersecurity industry must embrace these behaviors by baking them into organizational DNA. For instance, just as everyday consumers should enable MFA to protect their banking applications and social media pages, cybersecurity professionals must rely on MFA to safeguard critical systems from compromise. Over time, these practices should and will become second nature to all who adopt them.
On the corporate level: taking a close look at cybersecurity frameworks
If we broaden the focus and examine the topic of cybersecurity best practices from not just the perspective of an individual but an entire corporation, it may be helpful to also reference major cybersecurity frameworks, including the NIST CSF and others. These frameworks provide risk professionals with specific standards and guidelines for reducing risk. When implemented properly, these guidelines should cascade down to the policies and procedures governing cyber risk, resulting in standardized practices across an organization.
Increasingly, cybersecurity is becoming a board-level issue, as cyber risk may also mean a risk to an organization as a whole. As mentioned in this CISO Mag article, boards that are familiar with pertinent cybersecurity frameworks are better able to contextualize their organization’s cybersecurity program when comparing it to others.
Best Practices as a Stepping Stone to Success
As we celebrate the 20th year of NCSAM, let’s use the milestone as a reminder not to overlook the cybersecurity basics. In addition, these fundamental cybersecurity tenets can be a great way to start conversations within your organization about cybersecurity practices to ensure that both individuals and security operations teams are on the same page. Following these guidelines from NCSAM is a great step to ensure strong, foundational security that goes the distance.