October 2022:

National Cybersecurity Awareness Month

18th Annual Cybersecurity Awareness Month.

National Cybersecurity Awareness Month (NCSAM) is a joint effort between government and industry to emphasize the importance of cybersecurity and to raise awareness in the community. Its goal is to ensure all Americans have the resources they need to be safe and secure online. PCC will participate in this month’s Cybersecurity Awareness campaign by using its platform to share resources and educate its audience through weekly web posts.

NCSAM will emphasize personal accountability and positive behavior changes, and stress the importance of taking proactive steps to enhance cybersecurity at home, at school, and in the workplace. This year the overarching message – Do Your Part. #BeCyberSmart – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.

Week 1 Campaign – Cyber Secure at Work

This roughly two-minute video module breaks down the parts of a URL to show how hackers can manipulate them to their gain and everyone else’s loss. You will learn:

  • The fundamental parts of the URL structure
  • What makes a URL received by email or other means suspicious

Interactive Mini-Game – Classic Danger Zone

This web-based game is set in an office where a nefarious hacker is trying to get to an unlocked computer. Your employees will be asked to answer security awareness training-related questions correctly, which will move them closer to the workstation. If they answer incorrectly, the hacker will move closer. The goal: Stop the hacker, get to that workstation, and save the organization!

Week 2 Campaign – Watch Out For That Phish

The second week’s suggested campaign theme focuses on phishing. Still the most common method for bad actors to compromise networks and organizations, phishing cannot be discussed enough when it comes to security awareness training content.

Here’s a summary of the assets for this week:

This roughly four-minute video course features Phil Hendrie (voice actor and radio personality) teaming up with Kevin Mitnick (world-renowned security consultant, public speaker, and author) to portray a social engineering attack using pretexting. Pretexting is a form of social engineering where the attacker lies to obtain restricted information or access. Phil roleplays a vishing attack (phone-based phishing), after which Kevin explains how Phil, as the attacker, used social engineering to trick an unsuspecting user to enter their email login credentials into a fake website.

You will learn:

  • How bad actors can trick their victims into giving up sensitive information with little more than a friendly voice and information gleaned from social media
  • Red flags to watch out for when requests for login information are involved

Mobile-First Module – Phishing: Don’t Get Reeled In

This interactive module, designed for use on a mobile device, will show your employees some ways that cybercriminals use phishing to try to reel them in and break into your organization’s computer networks. Your employees will also learn tips for staying safe that can be used both at work and at home and test their knowledge with a built-in quiz.

You will learn:

  • Why cyber criminals use phishing in the first place
  • How employees can fall for the bait
  • Tips for staying secure

Week 3 Campaign – More Than Just Phishing

The third week’s suggested campaign theme focuses on other social engineering methods beyond phishing. Emails are only one tool in the cybercriminal’s toolbox, meaning your employees need to be knowledgeable about multiple social engineering tactics and strategies to keep your organization secure.

Here’s a summary of the assets for this week:

This roughly five-minute video module features Kevin Mitnick (world-renowned security consultant, public speaker and author) and Rachel Tobac (social engineer and the CEO / Co-founder of SocialProof Security) roleplaying a social engineering attack using pretexting. Pretexting is a form of social engineering where the attacker lies to obtain restricted information. Rachel demonstrates and explains how an attacker can gain information about your organization’s defenses by pretending to be a member of the tech support team and how this can lead to your organization’s network being compromised.

You will learn:

  • How bad actors can compromise an organization’s network by pretending to be a member of the tech support team
  • Why the software details of their work computers should be kept private
  • Warning signs that someone may be trying to glean information about your organization’s network or computers

Interactive Training Module – 2022 Social Engineering Red Flags

This course explains how to spot the red flags and signs of danger associated with common social engineering methods.

You will learn:

  • How to identify different types of social engineering attacks
  • How to identify red flags to be on the lookout for
  • What actions to take to protect themselves and your organization

Week 4 Campaign – Cyber Secure at Home

The fourth and final week’s suggested campaign theme is keeping cybersecurity top of mind at home, both when working and in the everyday lives of your employees. This includes a focus on two-factor authentication, reporting phishing emails and sound internet security practices when working from home.

Here’s a summary of the assets for this week (including two training modules):

In this approximately five-minute video module, Kevin Mitnick demonstrates how having two-factor authentication set up can still leave you vulnerable to a phishing attack if you don’t stop, look, and think before taking action on a phishing link.

You will learn:

  • How attackers can get around two-factor authentication via an attached or linked-to document, such as a resume
  • Red flags of a suspicious email related to a seemingly legitimate two-factor authentication request

Training Video – When You Report, We Get Stronger

This short video module emphasizes the importance of reporting suspicious emails using standard company policies. The key message is, “When you report, we get stronger.”

You will learn:

  • The importance of their role in keeping the whole organization cyber secure
  • That trusting their gut and reporting a suspected phishing email is better than doing nothing at all

Interactive Training Module – Internet Security When You Work From Home

This interactive module helps your employees understand the benefits and challenges of working from home and trains them to stay secure online while doing so.

You will learn:

  • Steps to keep their home and devices secure for home work
  • Best practices for working from home successfully