NCSAM week 3 lock with papers

We know and understand that as a security awareness professional you most likely do not have the time nor resources to prepare for October’s National Cyber Security Awareness Month (NCSAM), or Cybersecurity Month as it’s known in Europe. That’s why for the fifth year in a row we have done all the hard work for you with the NCSAM Planning Kit.  The kit defines activities and provides resources for every day of the month, ensuring your program is a success and you are a hero.

WEEK 03: The theme for the third week of October is It’s Everyone’s Job to Ensure Online Safety at Work.   The idea here is to bring a focus to cybersecurity at work.  To be honest, I’m not a fan of saying “Cybersecurity is EVERYONE’S Job”.  When people hear that, they think “Gee, I don’t have to worry about cybersecurity because everyone else is worrying about it”.  I much prefer the Smokey Bear approach to awareness, specifically “Cybersecurity is YOUR Job”. That makes it much more personal.  So, while I love the focus for this week, I suggest replacing the word “Everyone” with “You” to make it more personal.

If you have not done so yet, review the NCSAM Planning Matrix (included in the kit) and identify the activities and resources you want to leverage for this week.  For Monday, start by using the communications template to let people know what to expect this week and WHY they should care.   For Tuesday, we want to engage people, let them know that they are the target, and technology alone will not protect them.  Far too many people believe they have nothing of value, or they think they can do anything they want because anti-virus, the corporate firewall or the security team will protect them.  Emphasize how people, and not technology, are both the target and the ultimate defense.  One way to do this is try the newly updated You Are a Target poster, which you can distribute digitally or in printed format.  For Wednesday, lay the foundation of how most human based attacks work, Social Engineering.  If your workforce can identify the most common indicators of a Social Engineering attack, they will be far more adaptable at stopping whatever cyber attackers throw at them.  As such, we provide the OUCH! newsletter on Social Engineering.  For Thursday, host an interactive Mobile Device Checkup booth, detailed in the Planning Kit.  On Friday, finish up with how to stop one of the most devastating targeted attacks happening today, BEC / CEO Fraud, with cyber attackers making over $7.7 million EVERY SINGLE DAY.

As always, if you want to mix things up be sure to check out the Optional Activities reference in the Planning Kit for additional / different ideas you can use also.  If you have any questions about leveraging the NCSAM Planning Kit, just reach out to me at

SANS Security Awareness NCSAM 2018 blog CTA