Hello Team,

Cyber-attacks are very real and present threats for [Company Name] and the companies we supply. It is crucial for the future of our business that we improve our cyber readiness immediately. That is why we are partnering with the Cyber Readiness Institute to safeguard [Company Name] data, our customers’ data, and your personal information from being compromised and used for malicious purposes.

I am pleased to appoint [Full Name] as our Cyber Leader(s). [He/She/They] will guide our team through the Cyber Readiness Program. The CRI Program takes a practical approach to raise cyber awareness by focusing on human behavior. Throughout the Program, we will cover the common cyber threats to our company and develop a Cyber Readiness Playbook to defend against them.

The reality is a simple click on a suspicious email link can allow unauthorized access our network, compromising our company’s data, our customers’ data, and your personal information. I am committed to making [Company Name] more cyber resilient by preventing attacks and being prepared in case one does occur.

Thank you for joining me in supporting [Full Name] as we work together to ensure [Company Name] is cyber ready.

Many thanks,

[CEO Signature]

Hi Team!

[ORG NAME] is getting Cyber Ready! What this means for us:

• New Employee Policies – We’ve added some new policies and protocols to our handbook to provide procedures and guidelines for better security here at [ORG NAME]. You can review the policies here. [LINK]
• Designated Cyber Leader – An individual responsible for leading our cyber readiness journey.

You might be wondering what “Cyber Ready” means. Being “Cyber Ready” means being smart about technology habits and knowing what to look out for to stay safe.

Cybercriminals know how most of us work and they exploit these common habits to get past sophisticated cybersecurity technology. In fact, a handful of behaviors are the source of most cyber breaches. Fortunately, when we know what to do and what not to do around the four core cyber issues below, the chance of these attack methods working goes down dramatically.

• Passwords+
• Software Updates
• Phishing
• Data Storage & Sharing

Locking down these four areas means that the sensitive data related to [ORG NAME] customers, vendors, and fellow employees is more secure. This is why we’re going to send out a few brief emails that will provide some basic training about the four core cyber issues and the simple things we can all do to avoid and prevent them.

Please note that cybersecurity policy adherence and training is required. These emails and requests should only take 10-15 minutes to complete, and we request that you reply to your direct supervisor after completing each training session.

The first training email will be sent [MM/DD]. In the interim, please read the updated policies to learn more about this effort.

If you have any questions on this, just let me know!

[EMAIL SIGNATURE]

Hi Team!

It’s our first session in our Cyber Readiness Program training series! Core Cyber Issue #1 – Passwords+

A password is a door into a network, individual, or an organization. We use hundreds of passwords and connected devices in our professional and personal lives — each of these are doors into our company. A weak password is like leaving the door unlocked.

Each of our passwords are gatekeepers to the important information and systems we are trusted with and accountable for. We can’t let them be easy targets.

A hard-to-crack password is the first line defense against opportunistic hackers. Making a strong password takes just a few seconds and is something every [ORG NAME] employee is required to do to help keep our data as secure as possible.

Here’s a quick training about how to make strong passwords you can easily remember and use:

[LINK]

We’ve also updated our company policies around passwords, which applies to all employees and contractors of [ORG].

If you have any questions about this training or how to use and manage your passwords, then feel free to reach out to me directly to discuss.

[EMAIL SIGNATURE]

Hi Team!

We’re on our second session of our Cyber Readiness Program training series! Core Cyber Issue #2 – Software Updates

You’re probably familiar with those pop-up notifications telling you a software update is available for your computer, laptop, tablet, or mobile device. While it can be tempting to click “Remind me later,” that’s a bad idea. Software updates repair important security gaps and fix critical bugs that have been identified and should be installed right away.

Not installing these updates leaves the door wide open to known security vulnerabilities that cybercriminals can and do use to get in and make an attack. The infamous WannaCry Ransomware Attack took advantage of an identified security flaw in Windows OS that had already been fixed in an update two months prior. Even though the attack only affected those who had not installed the update, in just 24 hours more than 230,0000 systems were compromised and caused $4B in global damages.

Installing updates can eliminate these easy access points and protect against malware and ransomware attacks. Fortunately, software updates are easy to do.

Most operating systems and software can be set to “auto update,” which can automate the installation of updates and minimize the interruption to your work. It only takes a few minutes to make sure or turn on “auto update” for apps, systems and devices, so please do so as soon as possible.

Like we did for passwords, we’ve also revised our company policies surrounding software updates. These policies apply to all employees and contractors of [[ORG]]. The attached Software Update Checklist PDF provides you with step-by-step instructions and links for easily getting this done, which you can read here [LINK].

Please note that policy adherence and completing the Software Update Checklist PDF is required for all [ORG] employees. This checklist should only take 10-15 minutes to do and should be completed by [MM/DD]. Be sure to inform your supervisor after you’ve completed this checklist.

If you have any questions about this training or how to use and manage software updates, then feel free to reach out to me directly to discuss.

[EMAIL SIGNATURE]

Hi Team!

Ready for our third session in our Cyber Readiness Program training series? Core Cyber Issue #3 – Phishing

Phishing is one of the most widely used cyber-attacks. Anyone with an email account or smartphone can be targeted with a phishing email or text. Phishing attacks employ deceptive messages to acquire sensitive information or gain access to a network. These messages try to trick people into clicking a link, downloading an attachment in the message, or even directly providing sensitive information like banking details.

While most of us are aware that the Nigerian prince requesting a $5,000 wire transfer to his bank account is a scam, phishing scams are often sophisticated and hard to detect if you don’t know what to look for. These messages are often skillfully disguised as genuine communications that one might legitimately receive.

In fact, 9 out of 10 cyber attacks begin with phishing because it is an incredibly effective method. Although scammers continually evolve their techniques, most phishing messages employ a few common tricks that you can learn to recognize so you don’t get duped.

Watch this short video clip to learn some tips for spotting a “phish” in your messages. [VIDEO LINK]
Additionally, check out these tips for spotting a phishing attempt [HERE].

If you have any questions regarding this training or need guidance on how to identify and handle phishing attempts, feel free to reach out to me directly for further discussion.

[EMAIL SIGNATURE]

Hi Team!

Today, we will be discussing the last core cyber issue in our Cyber Readiness Program training series! Core Cyber Issue #4 – Data Storage and Sharing

USBs are a popular and easy way to store and transport files, but they’re also easy targets for malicious software.

Hackers can infect USBs with malicious software, such as viruses, spyware, and more that can cause irrevocable damage. Someone who finds a “lost” USB in the parking lot might plug it into their computer to see what’s on it and return it to the owner, without knowing the risk before it’s too late.

USBs aren’t the only kind of removable media device, they can also include:

• Optical Discs (Blu-Ray discs, DVDS, CD-ROMs)
• Memory Cards (Compact Flash card, Secure Digital card, Memory Stick)
• Zip Disks/ Floppy disks
• USB flash drives
• External hard drives (DE, EIDE, SCSSI, and SSD)
• Digital cameras
• Smart phones
• Other external/dockable devices which contain removable media capabilities

We’ve updated our company policy for Data Storage and Sharing, which will apply to all employees and contractors of [[ORG]:

If you have any questions about this training, feel free to reach out to me directly to discuss.
Next week, we’ll be covering our new Business Continuity Plan, which will help us prepare for and respond to cyber events and issues that can happen.

[EMAIL SIGNATURE]

Hi Team!

Today, we will be discussing our Business Continuity Plan, which serves as a roadmap for our entire company and provides guidance on how to respond to cyber or security issues.

The cyber hygiene practices we have learned during this training, along with our new cyber readiness policies, significantly reduce the risk of a security breach. But even with the best measures in place, it’s important to acknowledge that we will likely have to deal with a security incident at some point.

Our Business Continuity Plan equips us with the necessary tools to quickly respond, resolve, and learn from any issues that arise. A crisis can be chaotic and stressful, but having a step-by-step plan ensures that our response to a breach is strategic and effective instead of reactive or ineffective.

There are three key elements to our business continuity:

Prepare

✔ Make sure to keep backups current and to synchronize cloud accounts
✔ Stay vigilant for suspicious or odd activity

Respond

✔ Contact [CYBER LEADER OR IT CONTACT] immediately if something seems strange or suspicious (such as a computer crash after opening a file, etc.)
✔ Disconnect the device from the network immediately

Recover

✔ Notify all affected parties
✔ Reset all passwords and IDs
✔ Reinstall software, synced accounts and data backups as required

We’ve updated our company handbook with this Business Continuity Plan, which is to be reviewed and implemented by all employees and contractors of [[ORG]]. You can access the plan here [LINK].

If you have any questions about our Business Continuity Plan, feel free to reach out to me directly to discuss. Next week, we’ll have a quick recap of what we’ve learned during this program, and then [ORG] will officially receive Cyber Readiness Certification!

[EMAIL SIGNATURE]