Hi Team!
Cyber-attacks pose a significant risk to [ORG NAME], our employees and customers. We are partnering with the Cyber Readiness Institute (CRI) to protect our future by reducing cyber risks and protecting our critical data. The Cyber Readiness Program emphasizes practical, behavior-based steps we can take to help prevent attacks. It also guides us to respond effectively in the event of an incident.
I have appointed [FULL NAME AND ROLE IN ORG] as our Cyber Leader to guide us through this initiative. They will lead all of us to build a culture of cyber readiness. Your responsibility is to participate in the short training sessions, either in-person or by watching some short videos, and commit to following a few simple policies.
This Cyber Readiness Program is going to help protect our organization.
I want to add that I have already changed what I do at home to protect my information, and I encourage you to do the same.
You can reach our Cyber Leader at [CYBER LEADER CONTACT NUMBER and email address].
I am committed to our cyber readiness journey and appreciate your support.
Many thanks,
[CEO Signature]
Hi Team!
As you heard, I have been appointed as our Cyber Leader. Here’s my contact information:
[INSERT RELEVANT CONTAT INFO – phone, cell phone and email]
{ORG NAME] is becoming cyber ready by focusing on four things we can do to help prevent cyber-attacks and knowing how to respond in case of a cyber incident.
Here’s what it means for us to be cyber ready:
Cybercriminals try to take advantage of our behavior to bypass security. These are the Core Four issues we are going to focus on to reduce our risk:
Here’s a short introductory video on Cyber Readiness and the Core Four for you to watch:
https://www.youtube.com/watch?v=d9Da0NahEVM
I will send brief emails on the Core Four, each with a link to a short video.
We want you to watch each video. They’re only 2-3 minutes long. They’ll give you useful tips for you to use at work and at home and with your family.
In the meantime, please review our updated cyber readiness policies. Here is a link to our cyber policies.
If you have any questions now or at any point in the future, feel free to reach out!
[EMAIL SIGNATURE]
Hi Team!
Welcome to the next session of our Cyber Readiness Program training series on Passwords +! This is the first of the Core Four.
Passwords open the door into our networks and systems. Having a weak password is like leaving the door unlocked – or even open. Our policy is to use strong passwords with at least 15 characters. You can use a passphrase to make it easier to remember. One benefit of a long password is that we won’t need to change them unless there is a breach.
The “plus” in Passwords+ is multifactor authentication (MFA). A hard-to-crack password is your first line of defense but using MFA adds an extra layer of security, making it much harder for unauthorized users to gain access. Our policy is to use MFA on every computer, tablet and smartphone we use in our organization. It may seem a little inconvenient at first, but it nothing compared to the pain we’d experience from a breach.
Here’s a short video on creating strong, memorable passwords and using MFA: https://www.youtube.com/watch?v=OG5eulrACIw
Please update all of your passwords so they are at least 15-characters. Turn on MFA on all software.
I’ll be checking to see how you’re doing and if you have any questions. In the meantime, if you have any questions, feel free to get in touch.
[EMAIL SIGNATURE]
Hi Team!
Welcome to the second Core Four session- Software Updates.
You may have seen notifications for software updates on your computer or smartphone. While it’s tempting to click “Remind me later,” it’s essential to install these updates immediately.
Updated software is a key defense against cyber-attacks. The software updates patch security holes. Hackers know some people are slow to update their software and they take advantage of it.
Most software has an “auto-update” feature. Please enable this feature as soon as possible. If you get a prompt asking you to install the update, do it. For guidance, please contact me.
We’ve updated our policies regarding software updates to require that auto-update is enabled on all computers, tables and smartphones used in our organization. This applies to devices we issued and any personal devices you use for work.
My job as the Cyber Leader is to keep track of all the software we use in our organization and oversee the update process. I’ll be getting in touch with each department to see what software you use.
Here’s the next video we need you to watch on the importance of software updates: https://www.youtube.com/watch?v=GFMAC7ur4X8
If you have any questions, feel free to reach out!
[EMAIL SIGNATURE]
Hi Team!
Welcome to the third session on the Core Four – Phishing.
Phishing is one of the most common types of cyber-attacks, targeting anyone with an email account or smartphone. These deceptive messages are designed to steal sensitive information or gain unauthorized access to networks by tricking people into clicking links, downloading attachments, or disclosing personal details.
The phishing message may come by email or text. It may even look like its coming from someone in our organization or a company we work with because hackers can hijack an email account.
Every one of us needs to be alert and know how to recognize potential phishing attempts so we avoid taking the bait. Because hackers are creative in finding new ways to trick us, we are going to be sending out training messages and tips at least once a month, so we are all able to keep up with the latest tricks.
Based on our new policy, all employees and contractors will now receive monthly phishing awareness communications and must complete quarterly phishing training, covering recognition, examples, and response methods.
Here are a few starter tips for how to respond if you get a suspicious email or text. Make it a habit to verify the sender, watch for grammar mistakes, ask yourself why am I getting this. If in doubt, don’t click!
Here’s the next short video we need you to watch on phishing: https://www.youtube.com/watch?v=u4EgiZLL874
You can also find additional tips for spotting phishing messages – https://cyberreadinessinstitute.org/phishing-friday/
If you have any questions, feel free to reach out!
Hi Team!
Today we’re wrapping up our Core Four training with Secure Storage & Sharing.
USBs, removable hard-drives and other removable media are convenient, but they can carry computer viruses. Plugging an infected USB or hard drive into your computer will transfer the virus to your device.
Removable media includes:
Our policy requires you to use our cloud service for file transfers and storage. The use of USBs and other removable media is prohibited. The only exceptions are for pre-approved, critical business needs. If you have any questions about our cloud services or what constitutes a critical business need, contact me.
Here’s the next short video you need to watch on Secure Storage & Sharing: https://www.youtube.com/watch?v=if9mN49KiYk
If you have any questions, feel free to reach out!
[EMAIL SIGNATURE]
Hi Team!
Today, we’re discussing our Business Continuity Plan, which provides a roadmap for how to respond to, and recover from, incidents.
If all of us follow the Core Four policies, we will be able to prevent most cyber incidents. However, it’s essential to be prepared for a potential incident. Our Business Continuity Plan enables us to respond effectively and recover quickly.
Most important, if you suspect that your computer, tablet or smartphone is infected, or if you clicked on an email or attachment that caused your computer to behave strangely, immediately do the following:
Here’s the final short video on Business Continuity Plans: https://www.youtube.com/watch?v=BMAqt_SMC1s
You can access our business continuity plan here [PLACEHOLDER LINK].
If you have any questions, feel free to reach out!
[EMAIL SIGNATURE]
Hi Team!
You should have completed the Cyber Readiness Program training series. If you haven’t watched all six videos, please get it done as soon as possible. Each video is only a few minutes.
Here’s a quick recap of what we’ve covered:
If you’d like to review the content at any time, you can access the training videos here:
Feel free to share the videos with your family and friends. We want you to be cyber ready at work and at home.
You can access our cyber readiness policies and Business Continuity Plan here: [PLACEHOLDER LINK]
Cyber readiness is a group effort – be cyber ready, stay cyber strong.
If you have any questions, feel free to reach out!
[EMAIL SIGNATURE]
