Check your calendars, because November 30th is National Computer Security Day! In this article we’ll cover what the day is all about, where it came from, and what you can do to celebrate the day while supporting your clients or colleagues in staying cyberaware.
What is National Computer Security Day, and where did it come from?
The very first National Computer Security Day was back in 1988, more than thirty years ago. Some people believe it began because of one of the first ever cyberattacks, the ARPANET attack. ARPANET was the precursor to the internet as we know it today, and in 1988, an attack impacted as much as 10% of the connected computers on the network. The attack is known as the Morris-worm, and in hindsight, many of the architects of what would become the internet realize that they weren’t focused on security whatsoever.
Soon after this event, the ACM, the Association for Computer Machinery announced National Computer Security Day, to bring security for computers and connected machines firmly into the limelight and try to raise awareness for new and existing cyber security issues.
Why is National Computer Security Day on November 30th?
One of the reasons that this particular day was chosen to mark cybersecurity awareness is its juxtaposition to the holiday season, a notoriously dangerous time in cybersecurity. In fact, this year in 2021, reports estimate that there could be 8 million attacks every single day between November and December, from Black Friday until the new year. The majority of attacks start from human error, such as clicking on a malicious link in a phishing email, or picking an insecure password. These mistakes are more likely to be made during the holiday season, because of issues like fear of missing out on a great cyber-Monday deal, or distraction caused by imminent vacation plans or a skeleton staff over Christmas.
This year in particular the threat is extremely high, because many employees are still working from home, on insecure home networks and yet while connecting to their office computers or sensitive customer data. 56% of senior IT professionals believe that workers who are WFH have bad habits that office staff don’t have to worry about.
What should IT professionals be thinking about for National Computer Security Day?
So, this National Computer Security Day, how can you spread the word? Whether you’re a Managed Service Provider handling IT systems for multiple client environments, or if you’re in charge of a corporate IT environment as the Head of IT and Security, here are some great initiatives that could make all the difference to security.
Encourage a “no secrets” policy
Many employees are simply scared to ‘fess up to unsafe behavior such as clicking on the wrong links, or deploying Shadow IT – software or hardware that hasn’t been approved. However, these secrets do no one any good, and you can’t fix or secure what you aren’t aware of. Create a policy where anyone can come forward without any consequence to report a potential security issue.
Spread the word!
Honesty should go in both directions. If you keep all the knowledge siloed in your own department, (and sometimes it’s even in your own head!) then you can’t expect your employees to know or care. Remember, security and IT is your day job, but for all the rest of your customers or colleagues, it’s just an added item on a growing to-do list. Make things easy by sharing articles you’ve read, or compiling lists of best practices.
Make it fun
If the culture fits this kind of idea, why not try creating some kind of gamified system for cybersecurity in an organization? For example, set up phishing simulation tests and then keep score of who falls for them and who passes with flying colors. You could also mimic the idea of mystery shoppers who test the behavior of retail staff by sending out mystery hackers who test staff on security practices, like plugging in unknown flash drives, or sharing sensitive data. You could even rate employees on how strong their passwords are, challenging staff to come up with the strongest password of them all! Don’t forget to highlight improvements so that no-one gets their feelings hurt!
Create smart internal policies
If you’re not sure whether cybersecurity is a focus for your organization or your client, ask yourself, have you laid out your expectations? Sometimes it really is as simple as, employees don’t know what they should be doing. Setting up multi-factor authentication and enforcing that everyone uses it, making rules about common threats like public WiFi, remote access when working from home, or weak passwords is a great way to codify expectations and get everyone on the same team.
This National Computer Security Day, play an active role
On the day itself – hit the ground running by sending round some best practices via email, setting up a Q&A around lunch time in the office, or even just creating some social media posts that highlight the added risks of the holiday season, and show that you’re ready to take cybersecurity seriously.
Whether you’re working across multiple client environments, or in charge of your own internal IT, employees are relying on you to keep the network secure, and trusting that you’re taking the wheel. However, the truth is that you need everyone on side, as you’re only as secure as your weakest link. Don’t address cybersecurity from inside your ivory tower. Instead, get everyone as involved as possible by setting smart strategy in place, distributing expectations far and wide across the business, and implementing policies that can be easily understood by any employee, from day one.