Becoming a Cyber Security Champion
Ten ideas on how to be a cyber security champion in your organization
In today's modern and connected organizations, cyber security is everyone's responsibility. Our efforts complement the important work of colleagues in IT security, who ensure that our information systems and data remain confidential, integral, and accessible. Good cyber security is also bolstered by employee training and awareness campaigns. These initiatives are most effective when we consistently practise and model good cyber security behaviour.
Have you considered being a champion for cyber security in your organization? Being a champion means applying what you've learned, promoting and amplifying organizational training and awareness efforts, and helping colleagues become mindful practitioners of cyber security.
Here are 10 ideas on how you can be a cyber security champion in your organization. They were inspired by comments made by public servants from various departments and agencies during the cyber event workshop Be a Cyber Security Champion, hosted by the School in October 2023.
- Include a standing agenda item on cyber security in your team or management meetings.
- Promote the cyber security learning products of the Canadian Centre for Cyber Security and the Canada School of Public Service. Ask that the online course Discover Cyber Security (DDN235) be paired with Security Awareness (COR310) in any mandatory employee training curriculum, including your onboarding program.
- Make a habit of locking your workstation when you leave your desk. Remind colleagues to lock theirs when they leave, even for a short while. Do them a favour and lock their workstation if they forget.
- Invite someone from your departmental IT or security branch to give a presentation on cyber security during a team or management meeting, or invite a specialist from the Canadian Centre for Cyber Security to speak at a town hall or team-building event.
- Get your director general or assistant deputy minister to send a message to staff about the importance of cyber security. Invite them to share a related personal story if they have one, or help them describe a plausible scenario that conveys cyber-security concepts. Here are a few scenarios to get the conversation started: Louis' Lesson (DDN2-V43), Morgan's Mistake (DDN2-V45), and Abbas's Blunder (DDN2-V44).
- Create a quiz on cyber security for your colleagues, host a trivia contest on the theme of cyber security, or organize a game of Get Cyber Safe phishing bingo.
- Lead a discussion on the possible impacts of a cyber attack on your department. Talk to your colleagues about good cyber security practices when working from home or in public places. Discuss what might be different from being in the work office environment.
- Publish a monthly or quarterly email bulletin or round-up of cyber security news stories in your sector or industry and circulate it to colleagues. The Canadian Centre for Cyber Security's news and events page is a great source of information.
- Highlight upcoming cyber security events and conferences like the annual cyber security event of the Canada School of Public Service, and get anyone who attends to brief your team afterwards.
- Encourage your team members or branch colleagues to share personal stories of cyber attacks or online scams. Offer to anonymize the stories to create a safe space for sharing.