Important tips for Cybersecurity Awareness Month
For some, the world before technology like computers, smartphones, and the internet is a foreign concept. After all, this is relatively recent history. By the end of the 1990s, many businesses and homes had computers. Smartphone technology emerged and proliferated (escalating to a fever pitch with the release of the first iPhone) before the end of the first decade of the 2000s.[1]
By the 2020s, computers and smartphones have become indispensable, and the internet (accessed by both) is an essential tool. The exponential increase in cyber-attack surface presents a grim and constantly evolving challenge. This expansion is evidenced by the surge in documented attacks, frequent alerts received by organizations, and media reports of security breaches across the United States. Further complicating the cybersecurity landscape is the addition of artificial intelligence (AI) technology, and its use in automated phishing attacks, as well as the creation of deepfakes.
With this prevalence and risk comes the imperative that people understand how to responsibly and safely engage with these technologies. Computers, smartphones, digital applications, and the internet are woven into the fabric of how our modern society functions, and so is cybersecurity.
Cybersecurity Awareness Month and Stay Safe Online
In the public and private sectors, October is recognized as Cybersecurity Awareness Month. In observance of this, nonprofit organizations and government entities alike focus their efforts on how to better safeguard digital environments and spread awareness of cyber threats.
One such nonprofit, the National Cybersecurity Alliance, works to advocate for the safe use of technology, educate on how to protect against cybercrime, and promote the creation of secure online spaces. Underpinning the initiatives for Cybersecurity Awareness Month is the trusted government organization, the Cybersecurity and Infrastructure Security Agency (CISA). In both the private and public sectors, CISA serves as the federal lead for Cybersecurity Awareness Month and provides a vital information hub for technical resources and insight on the latest cybersecurity news and trends.[2]
This October, these organizations are driving home the Stay Safe Online public awareness campaign, which aims to teach individuals, businesses, and large organizations how to improve their digital security.[3] The concept is that anyone, regardless of job title or tech experience, should be able to learn these cybersecurity basics and better protect themselves from cyber threats.
The top 4 cybersecurity best practices
Maintaining cybersecurity vigilance is imperative for all sectors, and not just during Cybersecurity Awareness Month, but all year round. The responsibility of asset protection, both personal and professional, falls on each individual. Whether or not you are a technology professional, ongoing education and awareness of evolving cyber trends are essential.
While embracing cybersecurity best practices in asset protection, risk assessment, and network security requires a wealth of knowledge in IT, there are basic best practices anyone can follow.
Here are 4 cybersecurity best practices anyone can implement quickly to see tangible improvements, based on the National Cybersecurity Alliance’s theme of the “Core Four”[4]:
Implement robust password protocols and password management systems
Managing (and remembering) a myriad of passwords, both for professional and personal applications, can be a challenge. Utilizing a password management system simplifies this process by centralizing password storage, requiring you to remember only one master password.
Despite misconceptions, these systems are cost-effective for organizational procurement and are often freely available for personal use. Concerns regarding password manager vulnerabilities are mitigated by employing multifactor authentication (MFA), which significantly enhances security.
Ensure passwords exceed 12 characters, ideally reaching 16, and incorporate a mix of alphanumeric and special characters. A good idea is to use a passphrase, something like “My F@vorit3 C0l0r is Hawaii!”. A passphrase that mixes letters, special characters, and numbers is easier to remember and harder to crack.
Deploy multifactor authentication (MFA) across all accounts
MFA should be universally enabled, encompassing all accounts accessed. Organizational standards should mandate MFA for email and login accounts; absence indicates a lapse in cybersecurity protocol adherence. MFA is also crucial for securing personal accounts, including banking and retirement services. It integrates additional authentication layers such as SMS-based PIN verification, beefing up security on your most sensitive data.
Reminder: Legitimate institutions will never request your password, so the rule of thumb is do NOT respond to any emails requesting this information.
Identify and immediately report malicious communications
Suspicious emails, texts, or calls typically indicate phishing (which primarily uses emails or fake web addresses) or vishing (which uses voice calls or voicemails) attempts. According to 2025 Pew Research, 73% of U.S. adults have encountered online scams or attacks.[5]
Common indicators include messages claiming lottery winnings or threats of arrest. Recognizing such threats and reporting them is essential. Organizations often provide a “phish” alert mechanism within email systems, supplemented by direct reporting to IT departments.
It’s important to remember that IT departments will never solicit passwords via phone or online platforms. Similarly, your bank or financial institution will not ask you to give a password or username in an email or written correspondence. It is better to err on the side of caution and automatically report any messages that seem dubious, improbable, or outright suspicious.
Regularly update software systems
Timely software updates are crucial for maintaining system integrity and security. These updates deliver patches for programming vulnerabilities, counteract emerging threats, and frequently introduce enhanced security features. Despite the temptation to postpone, updates should be prioritized to ensure optimal system performance and protection. Avoid selecting “remind me later” and initiate these updates immediately.
Organizational enhancements for Cybersecurity Awareness Month
Ongoing evaluation of organizational cybersecurity is vital. Recommended best practices for Cybersecurity Awareness Month (and beyond) include:
- Supporting national cybersecurity funding efforts
- Implementing MFA for both organizational equipment and personal device access
- Conducting comprehensive cybersecurity assessments and audits using external entities to identify security gaps
- Developing and routinely testing incident response plans
- Retaining and evaluating cyber insurance to mitigate potential breach or ransom scenarios
- Performing tabletop exercises akin to continuity drills for adverse events
- Engaging in continuous security education and simulated email tests
Did you know that the definition of a guardian is someone who protects, guards, or preserves a person or property?[6] When it comes to cybersecurity, each individual serves as a guardian over their digital assets, and the digital environment of their workplace. These tips for organizations and individuals can improve cyber posture for Cybersecurity Awareness Month and better prepare people as guardians against evolving digital threats for the foreseeable future.
Endnotes
1. Computer History Museum. “Timeline of Computer History.” https://www.computerhistory.org/timeline/computers/.
2. Cybersecurity and Infrastructure Security Agency. “Cybersecurity Awareness Month Toolkit.” 2025. https://www.cisa.gov/resources-tools/resources/cybersecurity-awareness-month-toolkit.
3. National Cybersecurity Alliance. https://www.staysafeonline.org/aboutus.
4. “Online Security Basics. Meet the Core 4: Cybersecurity Basics.” National Cybersecurity Alliance. July 22, 2025. https://www.staysafeonline.org/articles/online-safety-basics.
5. Jeffrey Gottfried, Eugenie Park, and Monica Anderson. “Online Scams and Attacks in America Today.” Pew Research Center. July 31, 2025. https://www.pewresearch.org/internet/2025/07/31/online-scams-and-attacks-in-america-today/.
6. Dictionary.com. “Definition of ‘guardian.’” https://www.dictionary.com/browse/guardian.