Cyber Security Awareness Planning Toolkit
October is known as National Cyber Security Awareness Month, or NCSAM. Organized and run by the National Cyber Security Alliance (NCSA), October is dedicated to creating awareness about cyber security. To help you and your organization make the most of this October, SANS Securing The Human has created this NCSAM Planning Toolkit. This kit contains the resources you need for a high-impact October including a planning matrix on what to do, communications templates and resources such as newsletters, posters, tips and other materials. The kit is designed to work on its own or supplement anything you may already have planned. OUCH! newsletters and posters fall under the Creative Commons BY-NC-ND 4.0 license. You are free to distribute them within your organization or to your customers as part of October, however you cannot modify them. If you have any questions or suggestions on this community resource, please contact us at email@example.com.
Where To Start
Start with the Planning Matrix below, this gives you a high level overview of what you can do each week and when. Keep in mind, you are in no way limited to what is just listed here. You are welcome and encouraged to add other materials and events. Each week of October has a specific theme determined by NCSA (listed below) with our materials mapped to each weekly theme. The key we have learned to a successful security awareness month is effective communication. Make sure you have a defined process or relationship with your communications team so they help you communicate each week's activity. You want to be working with them now to lay that groundwork since communication is key. To learn more about making the most of the NCSAM Planning Kit, view our recorded webcast. Some additional key points and resources:
- When talking about NCSAM on social media use the hashtag #CyberAware
- Consider becoming a NCSA Champion, a free program that NCSA sponsors giving your organization recognition for your efforts and access to more resources.
- Consider joining and use the resources from the STOP | THINK | CONNECT program.
- Find more editions of OUCH! Newsletters and multiple translations in over twenty languages at the OUCH! Archives Site.
- To learn more about preparing for NCSAM, view this joint webcast between STH and Michael Kaiser, President of NCSA.
2016 Weekly NCSAM Themes
Here is an overview of the weekly themes. You can find a detailed description of each week's theme at NCSA's website.
- Week 00: Sep 26-30: This is the last week of September. This is when you want to start communicating about October to your organization and what people should expect. This is when you need to build excitement and buzz.
- Week 01: Oct. 03-07: Basic steps to online safety and security.
- Week 02: Oct. 10-14: Creating a culture of cybersecurity in the workplace.
- Week 03: Oct. 17-21: Recognizing and combating cybercrime.
- Week 04: Oct. 24-28: Continuously connected lives, what is your "Apptitude"?
- Week 05: Oct 31: This is only a single day focusing on Critical Infrastructure / Industrial Control Systems. As this is only one day and very industry specific, we are not including this day in the planning kit. For organizations involved in this industry, we highly recommend the poster Control Systems Are a Target or link to the video Anatomy of a ICS Network Attack.
|WEEK 0||Preparing for Upcoming Month|
|Tue, Sep 27||Email template||Email announcing activities for that week|
|Optional Activity||Planning Template||Shredding Day||If you have an activity below that does not work for you, replace it with this one.|
|WEEK 1||STOP. THINK. CONNECT.: Best Practices for All Digital Citizens|
|Mon, Oct 3||Email template||Email announcing upcoming activities for NCSAM|
|Tue, Oct 4||OUCH! Newsletter||Securing Your Home Network||You can distribute this newsletter digitally to your staff or print and distribute physical copies. This newsletter has been modified with the date removed.|
|Wed, Oct 5||Poster||Creating a Cyber Secure Home||You can distribute this poster digitally to your staff or print and distribute physical copies.|
|Thr, Oct 6||Lunch-n-Learn Presentation / Webcast||Securing Your Kids||These are materials you can use to present your own lunch-n-learn on how staff can secure their kids / family online.|
|Fri, Oct 7||Online Video||Video from RSA Conference Workshop on Securing Kids||You can link to this site from your own internal portal or distribute the link to this staff via email or other means.|
|WEEK 2||Creating a Culture of Cybersecurity in the Workplace|
|Mon, 10 Oct||Email template||Email announcing activities for that week|
|Tue, 11 Oct||OUCH! Newsletter||CEO Fraud||You can distribute this newsletter digitally to your staff or print and distribute physical copies. This newsletter has been modified with the date removed.|
|Wed, 12 Oct||Poster||You Are a Target||You can distribute this poster digitally to your staff or print and distribute physical copies.|
|Thr, 13 Oct||Online Video||Targeted Attacks||You can link to this site from your own internal portal or distribute the link to this staff via email or other means.|
|Fri, 14 Oct||Online Feed||Tip of the Day Program||You can link to this site from your own internal portal or distribute the link to this staff via email or other means.|
|WEEK 3||Recognizing & Combating Cybercrime|
|Mon, 17 Oct||Email template||Email announcing activities for that week|
|Tue, 18 Oct||OUCH! Newsletter||Ransomware||You can distribute this newsletter digitally to your staff or print and distribute physical copies. This newsletter has been modified with the date removed.|
|Wed, 19 Oct||Internal Event / Lunch-n' Learn||Internal event with Guest Speaker||For this day you will need to find and coordinate a speaker for your event. This is an amazing way to generate excited and engagement for the month.|
|Thr, Oct 20||Two Steps Ahead Campaign||Enable Two-Step Verification||This is one of the most important steps people can take to protect their online digital lives and is part of a nationwide awareness campaign.|
|Fri, 21 Oct||Poster||Don't Get Hooked||You can distribute this poster digitally to your staff or print and distribute physical copies.|
|WEEK 4||Our Continuously Connected Lives: What's Your "Apptitude"?|
|Mon, 24 Oct||Email template||Email announcing activities for that week|
|Tue, 25 Oct||OUCH! Newsletter||Internet of Things|
|Wed, 26 Oct||STH Blog||Dealing with Smart Technologies||These blog posts will be availabe the first week of October.|
|Thr, 27 Oct||Planning Template||Mobile Device Checkup Event||Your security team hosts a booth where employees can ask questions about their mobile devices and your team can collect valuable metrics.|
|Fri, 28 Oct||STH Blog||NCSAM Wrap-up||These blog posts will be availabe the first week of October.|