Cyber Security Awareness Month 2024
“Cyber Security Awareness Month provides an opportunity to amplify messaging that improves cyber resilience and contributes to the security of UK plc. ”
October is Cyber Security Awareness Month, with the 21st Cybersecurity Awareness Month taking place in October 2024. Initially a US Presidential and Congressional initiative, Cyber Month is now adopted globally - including by the UK’s National Cyber Security Centre (NCSC) and NHS Digital - and provides an opportunity to enhance cybersecurity awareness, identify the scale and nature of the cyber threat and encourage action to mitigate cyber risk.
Whether as individuals or organisations, we can all take steps to reduce cyber risks and increase cyber resilience.
As an organisation, Cyber Month offers an opportunity to raise awareness and promote good cyber hygiene, and could be when you decide to refresh the annual information security training for your staff, run a phishing campaign, update your password security, implement multi-factor authentication, conduct penetration and other security testing, rehearse your incident response plan, review your supply chain security or conduct a cyber security risk assessment. To help embed a cyber secure culture in your organisation, you could consider appointing cyber champions. Cyber Month also provides a great opportunity to increase board awareness of cyber issues and to provide an update on your organisation’s cyber security posture.
You might be interested in some of our recent blog posts and free resources on related issues, including:
Handley Gill Limited’s specialist data protection and ESG consultants consider the results of the Information Commissioner’s Office’s Cyber Security Incident Trends Report for Q1 2024 and the implications for Sir Keir Starmer’s new Labour government, calling for a greater understanding of and focus on cyber and information risk management by directors and trustees.
With the summer holiday season in full swing, Handley Gill Limited’s specialist data protection and cyber resilience consultants consider the data protection and information security risks of staff taking data and devices used for business purposes overseas and the practical measures that organisations can take to safeguard data subject to border control powers.
To coincide with London Tech Week 2024, one of the key themes of which is ‘The Future of Security and Data’, and following the revelation in the DSIT Cyber Security Breaches Survey 2024 that few organisations are conducting supply chain risk assessments, Handley Gill’s specialist consultants have published their Helping Hand checklist on conducting data processor / supply chain information security risk assessments which is informed by NCSC guidance.
Has a cyber incident got you in an awful mess and you don’t mean maybe? What if a data breach leaves you in trouble deep? From the hacker they warned you all about? You need some good advice… and an incident response plan!
Handley Gill’s data protection consultants consider recent supply chain cyber attacks, including the unfolding of the recent Capita and Zellis / MOVEit data breaches, and identify the steps data controllers should take when engaging data processors as part of their supply chain or giving third parties access to personal data, and the lessons to be learned for vendor management throughout the data processing lifecycle.
New cyber sanctions imposed by the UK and US governments against Russian nationals expose victims of ransomware, and their individual directors and officers, to criminal liability in the event that ransom payments are made.
DCMS has recently published its Cyber Security Breaches Survey 2022, based on data gathered by IPSOS MORI over winter 2021/22, which reveals that businesses and charities continue to be under prepared to respond to inevitable cyber security incidents and data breaches. In this post, we highlight some of the key findings of the survey and identify advice, guidance and free solutions to common cyber resilience shortcomings.
Find out more about our data protection and data privacy services.