Every year, too many companies and organizations still pass up an easy opportunity for making their employees or volunteers more #cyberaware: National Cyber Security Awareness Month, the annual public/private campaign in October to raise public awareness and improve the nation’s overall security posture.

While IT security managers acknowledge the need for finding new and better ways to help users overcome their learned helplessness in the face of cyber threats, a lack of internal resources often prevents them from mounting their own NCSAM efforts and reach out to employees on all levels.

Does this sound familiar? If so, it’s not too late for your team to get in on this year’s NCSAM action.

Here's a quick fix.

Check out the free tools and resources we have selected for you.

However big or small your organization, they can help you get up and running with your own NCSAM in-house campaign on a budget and in no time:


The Official NCSAM Website

The redesigned, mobile-friendly website serves as a first one-stop shop for online safety awareness and education. It provides a plethora of material for engaging in NCSAM and cybersecurity awareness activities and features an easy-to-use resource library, helpful educational materials and the latest news and blog posts from the National Cyber Security Alliance (NCSA) and partners.

DHS’ Stop.Think.Connect.Toolkit

The Stop.Think.Connect. Toolkit developed by the Department of Homeland Security provides cybersecurity resources such as how-to guides and tip cards to promote online safety to all segments of the community.

Expert Tips: Creating Strong Cybersecurity Habits in the Enterprise in Just One Month

Because nothing focuses the mind like a deadline, we asked IT security leaders: “You have four weeks to create strong cybersecurity habits in a business with 500+ employees. What would you do, and why?”

Start implementing their tips during National Cyber Security Awareness Month. To follow tip #4, “Empower people” (our favorite) on Steve Durbin’s “Ten tips on how to make cybersecurity a habit on a deadline,” give them a remote browser.

Go phishing - your employees.

Check out InfoSec Institute’s list of Top 9 Free Phishing Simulators. These tools will help you create teachable moments for your employees or team members on a shoestring. Target them with make-believe phishing emails, see who takes the bait and clicks on a link that could put your business at risk (if it didn’t come from you in this case), and get the conversation going, perhaps by suggesting this quiz.

Let your MarCom, PR or HR people play the Cybersecurity Lab game...

...or anyone in your organization, for that matter, who is frequently using social media on the job or during breaks using your network. This free cybersecurity online game by PBS/NovaLabs makes it fun to learn about defending a business against web exploits, identity thieves, and ransomware.

Bonus tip: How about IT encouraging employees to play more online games on company time, to learn how to protect themselves online on the job and at home? Cybersecurity gamification will help your IT security team break up counterproductive IT vs. Users patterns and start a dialog.

Texas A&M University’s Information Technology Department is a pioneer in the field. Each year, its students design a game specifically for National Cyber Security Awareness Month. Suggestion: Choose one from Texas A&M’s list of cyber security games and share it with your users.

In its 14th year now, National Cyber Security Month is still treated by most of us like Equifax dealt with the exploit that led to its historic data breach. We know something will happen, and we should do something about it, yet we are still caught by surprise and empty-handed when (not “if”) it finally happens.

Starting this October, let’s get in the habit and ahead of the curve - this cybersecurity tools and game shortlist should make it easier.