Cyber Security Awareness Month: A Time to Reinforce and Strengthen Strategy!

Did you know that October is Cybersecurity Awareness Month in Canada? It’s the best time to brush up on your strategies, knowledge and skills around cyber safety, and contribute to the cyber resiliency of your organization.
In the spirit of Cyber Security Awareness Month, HIROC is sharing our top three tactics to support your cyber safety strategy:
- Organization-Wide Awareness Campaign: Implement formal multifaceted and targeted strategies to support and enhance organization-wide cyber resiliency (e.g., boards, volunteers, employees, independent contractors and learners). Additionally, ensure the adoption of role-based cybersecurity education (e.g., Information Technology, Payroll, Finance, Leadership) and strategies to support skill-based training.
- Vulnerability Management: Take inventory of full information technology and data repository assets, and categorize them by the sensitivity of the data. Identify legacy systems and build a roadmap for upgrades and replacements. Install a vulnerability identification and management process to protect your identified assets and legacy systems through continuous scans of the environment, vendor notifications, and other alerts from trusted agencies. Utilize the Common Vulnerability Scoring System (CVSS) to evaluate the severity level of identified vulnerabilities and take appropriate action as required.
- Identity and Access Management (IAM): Review, update and strengthen your identity and access management program. This includes, but is not limited to, reviewing administrator and privileged users, reviewing password policies and their effectiveness, and enabling multi-factor authentication for critical information systems and third-party accounts where available. Establish an IAM baseline and monitor for suspicious activities.
Trusted Resources
In support of the above strategies, HIROC has curated a number of valuable resources through trusted government or law enforcement agencies – check them out!
- Get Cyber Safe
This is a public awareness campaign of the Government of Canada led and supported by the Communications Security Establishment Canada (CSE) and the Canadian Centre for Cyber Security (CCCS). This year’s Get Cyber Safe theme for Cyber Awareness month is Generation Cyber Safe: Because online security knows no age.
The theme has been broken down into five focus areas for each of the weeks in October, beginning with week one focusing on topics such as multi-factor authentication, password security, password manager, credential stuffing, and limiting sharing of information online.
Resources to support the communication of weekly focus areas have also been provided by the Get Cyber Safe campaign and can be accessed here: https://www.getcybersafe.gc.ca/en/resources/resources-cyber-security-awareness-month
- Cyber Security Centre of Excellence, Cyber Security Ontario
This website is focused on helping the Ontario government ministries and broader public sector organizations strengthen cyber security. If you work in an Ontario healthcare organization, you can set up an account for the portal and access this year’s Cyber Awareness Month resources and much more.
This year’s CSCE’s cyber awareness theme is Crack the Code: Cyber Mode. You can access the portal and take on a Cyber Detective role and participate in activities posted on a weekly basis. Additionally, Cyber Security Ontario will provide three tabletop exercises online: (1) Ransomware and Malware, (2) Supply Chain Attack, and (3) Physical Security Breach.
- Cybersecurity & Infrastructure Security Agency
The agency behind US Critical Infrastructure Security and Resilience, CISA, has released several resources to support both public and private sectors and for government and industry partners. The CISA’s cybersecurity awareness program called Secure Our World continues to be its campaign for Cyber Awareness Month in 2024. In support of this campaign, several new resource packages have been included on the CISA’s website. These packages include tip sheets, sample social media posts, presentation templates, virtual backgrounds, email signatures, bingo cards for youth, etc.
References
- Cyber Security and Privacy Breaches, Risk Reference Sheet, HIROC, July 2023, https://www.hiroc.com/resources/risk-reference-sheets/cyber-security-and-privacy-breaches
- Vulnerability Metrics, National Vulnerability Database, September 2022, https://nvd.nist.gov/vuln-metrics/cvss
- Identity and Access Management, Recommended Best Practices for Administrators, The National Security Agency (NSA) and the Cybersecurity Infrastructure Security Agency (CISA), October 2023, https://www.cisa.gov/news-events/alerts/2023/10/04/cisa-and-nsa-release-new-guidance-identity-and-access-management
Kopiha Nathan is HIROC's Lead, Privacy and Compliance Officer.