Cybersecurity Awareness Month: A tale of two institutions

The beginning of a school year is always a time of change and uncertainty. That feeling has been intensified by the issues raised for education due to the COVID-19 pandemic.

Stats show that there has been a 600% increase in phishing attacks since the onset of the COVID-19 pandemic (Barracuda, 2020). Add to that a sudden sharp surge in working and learning from home and you get a greater concern about the security of staff, students and data.

One of the best defences to these issues is to make sure your users are educated and engaged when it comes to cybersecurity. October is Cybersecurity Awareness Month (CSAM), and it is the perfect opportunity to both educate and be educated. This month, we highlight two members of the Ontario Cybersecurity Higher Education Consortium (ON-CHEC). Whether you’re a university with much experience in running CSAM programs or a college just starting out, we show you that any effort to raise cybersecurity awareness, big or small, is worth it.

Diving into cybersecurity awareness month at Humber College

October 2020 marks the first time that Humber College is launching a Cybersecurity Awareness month program. During weekly ON-CHEC calls, Humber benefitted from the experience and expertise shared by other organizations about their CSAM activities. I also connected them with The Canadian Centre for Cyber Security which is responsible for monitoring threats and coordinating the national response to cyber security incidents.

When we spoke, they had planned a user competition, awarding points and setting up virtual cybersecurity scavenger hunts to engage with their faculty and students and encourage them to undertake safe cybersecurity practices. This could include participating in phishing quizzes, conducting security scans on their hardware and other activities that encourage active learning.

Humber College is taking the right steps to continue to raise awareness within their organization. If you’re worried about the cost and complexity of launching your own CSAM initiatives, Humber’s approach using The Canadian Centre for Cybersecurity CSAM tool kit can serve as a role model.

Getting creative with cybersecurity awareness at Trent University

Trent University is no stranger to raising cybersecurity awareness during Cybersecurity Awareness month or the rest of the year. This October, Trent is also running a competition in which students/faculty can earn points for their teams by completing cybersecurity-aware tasks (such as scans, phising tests, and other activities). They are adjusting for the switch to remote work and learning and providing ways for users to participate from home.

Last year when they ran this competition, they tracked 1178 events during the competition for which they awarded points. They gathered 169 survey responses and held nine workshops. They saw drop in people’s response to phishing schemes from 2.3% to 1.78% after Cybersecurity Awareness Month.

A meme created by the Trent Cybersecurity team

One of the many memes created by the Trent cybersecurity team for Cybersecurity Awareness Month

They have found that allowing themselves to think outside the box and be a little creative with their strategies has had an impact. They’ve created several video series with general cybersecurity tips that are approachable and light-hearted. They also had a lot of fun with the creation of their mascot, The Cybersecurity Dinosaur, who appeared in memes throughout the 2019 CSAM.

“A big key to our success in this program was getting a team of very talented individuals together and letting them have the freedom to be creative,” says Ian Thomson, Trent’s Cybersecurity and Client Outreach Manager. “We in ON-CHEC, have noticed the efforts that Trent has been making and definitely see them as creative powerhouses when it comes to cybersecurity awareness.”

Big or small, it is worth the effort

These two institutions came into Cybersecurity Awareness Month with different histories of promoting awareness at their organizations. Whether you’re a veteran of cybersecurity awareness raising efforts or if this is your first time launching an initiative, promoting cybersecurity awareness should be a key part of your organization’s cybersecurity strategy.