Every year, October is recognised as Cyber Security Awareness Month.
Its purpose is to raise awareness and encourage individuals and organisations to take action that makes us more resilient.
Launched in 2004 by the Department of Homeland Security in the US, it has become a global phenomenon. Europe’s education programme has run since 2014, coordinated by the European Union Agency for Cybersecurity.
Of course, cyber security is not just for October; it’s for every day of the year. Cyber Security Awareness Month might prompt you to start several initiatives that, despite good intentions, run out of steam. To avoid this, you could plan a calendar of events, reviews, initiatives and education that you can spread across twelve months or four quarters.
Actions to consider for your cyber security calendar
- World Backup Day is 31st March each year.
Review your backup. Where is your data, and how do you back it up? Remind people where they must save for the data to be backed up. Has anyone started saving, for convenience, to locations they shouldn’t? What data don’t you back up, and does that need to change, for example your website or your mobile phones?
- Phishing education benefits from monthly reminders
Most cyber threats come in via email and are a constant threat we need to be vigilant about. When did you last remind people to look out for phishing emails and help them recognise them, especially the new AI-generated variety? Do they know to look out for vishing or smishing? It’s possible to have testing and awareness training that continues throughout the year.
- National Password Day, first Thursday in May
How can you ensure you have a strong, unique password for all your accounts that is easy to generate, securely stored and easily accessible wherever and whenever you need it? Remind people not to write them down, store them in browsers or share them insecurely. But try to ensure no one person is a "single point of failure", i.e. only one person knows and has access to administrative controls.
- Security on the move
In 2024, 13 phones were stolen every hour in London. Review your mobile phone protection, check laptop encryption and consider how you can mitigate the risks of lost or stolen devices.
- Protect and audit logins
It’s a good idea to audit users and permissions regularly. Over time you may accumulate redundant logins or have raised permission levels that need to be revoked. As well as critical accounts, review less critical logins for social media or marketing email services. Most of us now use a variety of online apps or websites that require a login, but may have been set up without enforcing MFA.
- Consider new threats
Are you using AI securely or are you leaking private data? Are you aware of new threats such as AI-generated deep fakes?
- Security Awareness Training
Remind people regularly of the threats and scams that any one of us can fall prey to. Communications from more senior staff tend to raise organisational attention levels, and you want people to be thinking actively, checking things and raising issues.
- Incident response exercises
The last few months have shown the difficulties and pressures of running an organisation under attack. Recovery testing and desktop simulations of cyber attacks help you cope better with the pressure of a real incident when it occurs.
- The primary purpose of a backup is to limit your data loss and recover your business. When did you last test how quickly and fully your business can recover? Consider conducting recovery fire drills once or twice a year.
Regardless of our level of cyber security maturity, we all need to conduct reviews and consider changes. However, it’s particularly challenging for startups and scale-up organisations, which often have smaller budgets and limited time and internal resources. Fortunately, Cyber Security Awareness Month frequently provides a plethora of resources and guidance to help you plug security gaps and mitigate risks. Here are some ideas:
- Consult professional bodies you may belong to. Many, such as the ICAEW, provide resources at this time of year.
- Other organisations such as the Federation of Small Businesses will provide practical guidance on this year’s theme of “Stay Safe Online” and link to other resources.
- If you have cyber security insurance, some insurers now offer academies your staff can access to help reduce risk and premiums, as well as raising awareness.
What other national dates or routine checks do you have on your calendar? Let us know, and we’ll update our list. We hope this helps improve your cyber resilience. Get in touch if you would like our help in compiling a cyber security roadmap and budget.