We need more than just a month for Cyber Security Awareness

Raising cyber security awareness is always a good thing. Awareness and education is a critical component of improving online safety and security, and addresses what is often (if not always) the weakest link of the chain: human beings.

Organizations such as SANS, the US government, and the Canadian government take advantage of the heightened meta-awareness to increase awareness on specific issues. In other words, more people are expecting to see information throughout the month so various sources diligently oblige.

A few examples of content available today:

• SANS: Cyber Security Awareness Month ; Day 1 - Port 445 - SMB over TCP
• Government of Canada: What Is Cyber Security Awareness Month?
• US Department of Homeland Security: National Cybersecurity Awareness Month
• Microsoft: Stay safer online for National Cyber Security Month
• NCSA: National Cyber Security Awareness Month

That's all great stuff. In $DAY_JOB, my team is responsible for our organization's security awareness program (among other things) and we have activities planned for October. We have awesome executive level support. That is also great :)

That said, we need more than a month. Attacks aren't just scheduled for October, and people cannot afford to only be aware in October. Of course, that would never be the intention of a month dedicated to highlighting the need for awareness, but I think a crucial component of any awareness campaign must be to encourage awareness year round, 24/7/365.

There is rarely an hour of any day that some portion of my brain isn't thinking about cyber security, but I'm the first to admit that I'm not normal ;) Campaigns like this succeed in some way, however small, if they get people thinking more about their own behaviour and online safety and integrate that level of awareness into their daily lives.