If you work in tech PR (or you’re a journalist) you’re all too familiar with National Cybersecurity Awareness Month (NCSAM). Hopefully whoever you are or whatever you do for a living, you understand why this month of awareness is important and why we need to shed light on the proactive steps people can take to protect their information — whether that’s in the workplace or in their personal lives.
According to the National Initiative for Cybersecurity Careers and Studies (NICCS), NCSAM is “a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.” It should come as no surprise then, that the theme this year was “Own it – Secure it – Protect it,” with a strong focus on data privacy, IoT devices, e-commerce security, and social media.
After all, the internet touches every aspect of our everyday lives. From the time we wake up to the time we go to bed we’re connected, whether it’s en route to the office, or scrolling through Instagram as our heads hit the pillow. It’s paramount (read: it’s our obligation) to take the necessary steps needed to #BeCyberSmart.
So, as cyber intrusions and phishing attempts become more sophisticated, it’s absolutely critical that employers and employees take actionable steps to secure and protect themselves — and their data — online and when using their connected devices. To put it simply: as hackers and their attacks become more prevalent, why shouldn’t our own preventative measures?
“Security attacks against small, privately owned businesses have been steadily increasing over the past year,” said Caroline Garrett, our San Francisco office manager. These attacks can have a devastating impact on businesses, in fact, one study found that globally the average cost of a data breach was $3.86 million, a 6.4% increase over 2017. The same study found that data breaches are even more detrimental to SMBs, citing damages from a breach can be equivalent to the total value of a small business.
At Highwire, we are humble enough to recognize that we can always do more to safeguard company data, protect our employees, and train our staff to become stewards of their personal data while practicing good cybersecurity hygiene. That’s why we recently rolled out a series of interactive training modules that were mandatory by all Highwire employees, covering a wide range of topics and teaching employees everything from how to spot phishing scams and stay safe on public Wi-Fi, to protecting company information while traveling and creating unique, strong passwords.
“These trainings go out at random times throughout the year,” said Garrett. “I find this important as it’s a constant refresher, rather than a long, laborious training that occurs twice a year. I want people to walk away with the knowledge to take to their clients, ensuring that they too are secure in their practices.”
So how well did we fare? Our strongest category overall was the module “Work Safely Outside the Office,” with a 98 percent pass rate. The overall industry benchmark standard for these trainings is 77.9 percent, and the overall benchmark for our agency is 77.4 percent. But, we’re not stopping there.
In addition to the ongoing training modules, Highwire’s operations team also sent out fake phishing emails to show employees that these attacks are now so sophisticated, that emails may appear to be coming from someone within your company — like your accounting director or your boss– when they’re actually just a cyber criminal in disguise. Even if you feel like you have a strong sense of what a phishing attempt looks like, everyone needs to scrutinize these messages in order to determine what’s legitimate.
“I fell for the first one even after going through our internal training about what to watch out for,” said Tori Sabourin, senior digital manager at Highwire. “Falling for the fake phishing email was a wake-up call, so now I’m extra cautious when opening emails that look to be a bit out of the ordinary.”
To continue to spread awareness around NCSAM and our training initiatives, Highwire’s Society committee hosted a “Cybersecurity Jeopardy” night across some of the Highwire offices. We wanted to take all of the great content from our trainings and have some friendly competition (because, why not?).
And while this was the perfect excuse to share some champagne and cheese in honor of World Champagne Day, this really was about taking what we learned from the trainings and putting our knowledge to the test. Shout out to Lizzie, Jill, Amruta, Talia, Mariah, and Jazmin in the San Francisco office for winning and Robby, Jordana, Ben, and Tricia from our New York office! (Boston and Chicago – it’s your turn to strut your cybersecurity stuff!)
What’s next for Highwire? We’ll continue to roll out mandatory training modules and security protocols that empower our employees to make smart, safe decisions online. Our mission in taking a proactive approach to cybersecurity at Highwire isn’t intended to disrupt our daily routines. Instead, it’s about practicing some easy-to-follow habits, like always being mindful of suspicious emails, keeping your computer software up to date, and changing your passwords on a regular basis.