Reinforcements for Security Awareness Programs

Our popular magazine-quality newsletter offers you an easy way to keep your staff up-to-date on policies and best practices. By presenting important information in a non-technical, conversational tone that appeals to a wide variety of audiences, we make security awareness easy to understand (and fun to read!).

Consistency is vital to the success of any awareness program. Monthly newsletters are a proven way to reinforce and create this consistency!

Reminding users of important messages and policies each month in an approachable, fun manner will help you take strides towards establishing a strong culture of learning and security awareness within your organization, as well as leveraging more informal learning opportunities.

Each month, our content is written according to a list of topics we release before the beginning of each year.* This allows the newsletter to remain current while focusing on all of the important issues.

We recommend planning your entire year’s security awareness program around these topics, providing microlearning opportunities (such as posters, games, or videos) along with the newsletter. We often cover the same topics every 12-18 months, addressing them from a different perspective or angle.

* Topics are subject to change based on important infosec issues and/or to stay relevant with up-to-date news.

Jan: Data Privacy Fundamentals
Data privacy is an ongoing challenge in the modern work environment and an ongoing concern for every individual worldwide. This issue addresses those challenges by revisiting the fundamentals of how to protect sensitive information at work, at home, and everywhere in between.

Feb: Understanding the Insider Threat
The concept of insider threats stems from the simple idea that every member of an organization is an insider, and any access they’ve been granted makes them, by default, a threat. By raising awareness about the importance of protecting access, physical and digital, you can empower end users to better understand their roles and become insider assets.

Mar: Security Awareness and Culture
Culture traditionally refers to the shared customs, arts, and other characteristics of specific groups of people. Similarly, the security awareness culture of an organization refers to the shared human effort of protecting information. This shared effort shapes employee behavior and ultimately defines the strengths and weaknesses of your organization’s security profile.

Apr: The Internet of (Hackable) Things
The Internet of Things, or IoT, continues to permeate society with smart devices that make life easier. While convenient, those devices come with a clear and present downside of excessive data collection. To make matters worse, the IoT often prioritizes convenience over security. As such, maintaining privacy in the connected world requires smart, security aware, unhackable people.

May: Gatekeepers: The Guardians of Data
A common saying in the information security field is, “end users are your last line of defense.” Meaning criminals might find a way to bypass technical safeguards, so it’s vital that they don’t find a way to bypass the final defensive layer: your employees. This issue explores that concept through the lens of gatekeepers: the individuals who ultimately protect information and determine the strength of an organization’s security.

Jun: Avoiding Malware Infections
From stealing information to holding data hostage for a ransom to distributing critical services, malware infections are always bad news. The good news is that those infections can be easily avoided through a combination of security awareness and technical safeguards. Empower your end users with knowledge of both so they can keep systems and devices healthy, regardless of their job title.

Jul: Nontechnical and Physical Security
While information security often focuses on cyberthreats like phishing and malware, there’s a non-technical side to protecting data that deserves equal attention. This month’s issue serves as a common-sense refresher by identifying low-tech attacks used to steal information, and highlighting the importance of physical security.

Aug: Unmasking Cybercriminals
If you want to gain a firm understanding of how something is built or how it works, take it apart and rebuild it yourself. This concept is also true in cybersecurity. If you want to know how cybercriminals successfully scam people, it’s vital to unmask their motives and look at the world from their perspective. Doing so highlights why you might be targeted and how to avoid becoming a victim.

Sep: The Fundamentals of Social Engineering
Take a journey through the mind of social engineers, the scammers who rely on deception, manipulation, and persuasion. Along this journey you’ll discover that most security incidents don’t involve highly sophisticated attacks. Instead, most are made possible with a little encouragement from savvy social engineers, who are adept at exploiting any organization’s top vulnerability: human emotion.

Oct: Scareware
Scareware typically refers to the sudden popups that claim your computer is infected and urges you to download software to fix it. This month’s issue dives into the psychology behind such scare tactics, including how scammers use them to steal data or money, and what every individual should know about the fear factor behind successful attacks.

Nov: Identification and Authentication
Proper password management represents one of the most critical aspects of security. It’s also an area of security that people tend to overlook, putting their accounts at risk. Avoiding that risk can be as simple as reviewing the basics of strong passwords, implementing a second layer of authentication in case a password gets leaked, and utilizing tools that make password management a breeze.

Dec: Mobile Device Hygiene
Convenient, portable, and powerful, there are over 6 billion active smartphones in the world, and more are activated every day. Criminals would refer to that as a target-rich environment, meaning it’s a massive attack surface with ample opportunities to steal data or money. As such, it’s vital to prioritize mobile device hygiene and make life hard for attackers who have shifted their focus to the computer in your pocket.

1-5 minute security “bytes” that cover a broad range of topics and include a wide variety of styles. These are great to use every month to keep security in the forefront of your employees’ minds.

Video reinforcements are an easy way to create informal learning opportunities for your employees. Short, focused, to-the-point, videos don’t require assessments and feel less like training and more like how your users already interact online.

Security Documents can help keep your users engaged in your security awareness training program!

The key to creating a successful information security awareness training program is to reinforce key messages as often as possible. To do this, you must catch your users’ attention and hold it. That’s where our versatile Security Documents come in!

Security Documents are standalone pages, designed to be eye-catching enough to grab employees’ attention to create teachable moments outside formal learning. These are delivered as PDFs and can be used in a variety of creative ways. You can add these pages onto any other PDF (such as a newsletter or policy document), print them out to use as flyers in bathroom stalls or elevators, or combine them to create a customized magazine on a specific subject. It’s up to you!