Guarding against emerging cyber threats is everyone’s responsibility

Each individual is responsible for protecting themselves and their workplace’s assets from cyber threats. These tips for Cybersecurity Awareness Month can help anyone be a better digital guardian.

Headshot of Rita Reynolds

Rita Reynolds

Director, Public Sector

banner image

Important tips for Cybersecurity Awareness Month

For some, the world before technology like computers, smartphones, and the internet is a foreign concept. After all, this is relatively recent history. By the end of the 1990’s, many businesses and homes had computers. Smartphone technology emerged and proliferated (escalating to a fever pitch with the release of the first iPhone) before the end of the first decade of the 2000’s.1

By the 2020’s, computers and smartphones have become indispensable, and the internet (accessed by both) is an essential tool. The exponential increase in cyber-attack surface presents a grim and constantly evolving challenge. This expansion is evidenced by the surge in documented attacks, frequent alerts received by organizations, and media reports of security breaches across the United States. Further complicating the cybersecurity landscape is the addition of artificial intelligence (AI) technology, and its use in automated phishing attacks, as well as the creation of deepfakes.

With this prevalence and risk comes the imperative that people understand how to responsibly and safely engage with these technologies. Computers, smartphones, digital applications, and the internet are woven into the fabric of how our modern society functions, and so is cybersecurity.

Cybersecurity Awareness Month and Stay Safe Online

In the public and private sectors, October is recognized as Cybersecurity Awareness Month. In observation of this, nonprofit organizations and government entities alike focus their efforts on how to better safeguard digital environments and spread awareness of cyber threats.

One such non-profit, the National Cybersecurity Alliance, works to advocate for the safe use of technology, educate on how to protect against cybercrime, and promote the creation of secure online spaces. Underpinning the initiatives for Cybersecurity Awareness Month is the trusted government organization, the Cybersecurity and Infrastructure Security Agency (CISA). In both the private and public sectors, CISA serves as the federal lead for Cybersecurity Awareness Month and provides a vital information hub for technical resources and insight on the latest cybersecurity news and trends.2

This October, these organizations are driving home the Stay Safe Online public awareness campaign, which aims to teach individuals, businesses, and large organizations how to improve their digital security.3 The concept is that anyone, regardless of job title or tech experience, should be able to learn these cybersecurity basics and better protect themselves from cyber threats.

The top 4 cybersecurity best practices

Maintaining cybersecurity vigilance is imperative for all sectors, and not just during Cybersecurity Awareness Month, but all year round. The responsibility of asset protection, both personal and professional, falls on each individual. Whether or not you are a technology professional, ongoing education and awareness of evolving cyber trends are essential.

While embracing cybersecurity best practices in asset protection, risk assessment, and network security requires a wealth of knowledge in IT, there are basic best practices anyone can follow.

Here are 4 cybersecurity best practices anyone can implement quickly to see tangible improvements, based on the National Cybersecurity Alliance’s theme of the “Core Four”4:

  1. Implement robust password protocols and password management systems

    Managing (and remembering) a myriad of passwords, both for professional and personal applications, can be a challenge. Utilizing a password management system simplifies this process by centralizing password storage, requiring you to remember only one master password.

    Despite misconceptions, these systems are cost-effective for organizational procurement and are often freely available for personal use. Concerns regarding password manager vulnerabilities are mitigated by employing multifactor authentication (MFA), which significantly enhances security.

    Ensure passwords exceed 12 characters, ideally reaching 16, and incorporate a mix of alphanumeric and special characters. A good idea is to use a passphrase; something like “My F@vorit3 C0l0r is Hawaii!”. Using a mixture of letters, special characters, and numbers is easier to remember and harder to crack.

  2. Deploy multifactor authentication (MFA) across all accounts

    MFA should be universally enabled, encompassing all accounts accessed. Organizational standards should mandate MFA for email and login accounts; absence indicates a lapse in cybersecurity protocol adherence. MFA is also crucial for securing personal accounts, including banking and retirement services. It integrates additional authentication layers such as SMS-based PIN verification, beefing up security on your most sensitive data.

    Reminder: Legitimate institutions will never request your password, so the rule of thumb is do NOT respond to any emails requesting this information.

  3. Identify and immediately report malicious communications

    Suspicious emails, texts, or calls typically indicate phishing (which primarily uses emails or fake web addresses) or vishing (which uses voice calls or voicemails) attempts. According to 2025 Pew Research, 73% of U.S. adults have encountered online scams or attacks.5

    Common indicators include messages claiming lottery winnings or threats of arrest. Recognizing such threats and reporting them is essential. Organizations often provide a “phish” alert mechanism within email systems, supplemented by direct reporting to IT departments.

    It’s important to remember IT departments will never solicit passwords via phone or online platforms. Similarly, your bank or financial institution will not ask you to give a password or username in an email or written correspondence. Better air on the side of caution, and automatically report any messages that seem dubious, improbable, or outright suspicious.

  4. Regularly update software systems

    Timely software updates are crucial for maintaining system integrity and security. These updates deliver patches for programming vulnerabilities, counteract emerging threats, and frequently introduce enhanced security features. Despite the temptation to postpone, updates should be prioritized to ensure optimal system performance and protection. Avoid selecting “remind me later” and initiate these updates immediately.

Organizational enhancements for Cybersecurity Awareness Month

Ongoing evaluation of organizational cybersecurity is vital. Recommended best practices for Cybersecurity Awareness Month (and beyond) include:

  • Supporting national cybersecurity funding efforts
  • Implementing MFA for both organizational equipment and personal device access
  • Conducting comprehensive cybersecurity assessments and audits using external entities to identify security gaps
  • Developing and routinely testing incident response plans
  • Retaining and evaluating cyber insurance to mitigate potential breach or ransom scenarios
  • Performing tabletop exercises akin to continuity drills for adverse events
  • Engaging in continuous security education and simulated email tests

Did you know that the definition of a guardian is someone who protects, guards, or preserves a person or property?6 When it comes to cybersecurity, each individual serves as a guardian over their digital assets, and the digital environment of their workplace. These tips for organizations and individuals can improve cyber posture for Cybersecurity Awareness Month and better prepare people as guardians against evolving digital threats for the foreseeable future.

To learn more about how CAI helps organizations with cybersecurity, fill out the form below.

Endnotes

  1. Computer History Museum. “Timeline of Computer History.” https://www.computerhistory.org/timeline/computers/.
  2. Cybersecurity and Infrastructure Security Agency. “Cybersecurity Awareness Month Toolkit.” 2025. https://www.cisa.gov/resources-tools/resources/cybersecurity-awareness-month-toolkit.
  3. National Cybersecurity Alliance. https://www.staysafeonline.org/aboutus.
  4. “Online Security Basics. Meet the Core 4: Cybersecurity Basics.” National Cybersecurity Alliance. July 22, 2025. https://www.staysafeonline.org/articles/online-safety-basics.
  5. Jeffrey Gottfried, Eugenie Park, and Monica Anderson. “Online Scams and Attacks in America Today.” Pew Research Center. July 31, 2025. https://www.pewresearch.org/internet/2025/07/31/online-scams-and-attacks-in-america-today/.
  6. Dictionary.com. “Definition of ‘guardian.’” https://www.dictionary.com/browse/guardian.

Related resources

Webinar On-Demand

Connected and protected: The importance of regional cyber tabletop exercises

Watch this interactive webinar on the importance of regional tabletop exercises in enhancing cybersecurity defenses for government. Learn how these exercises can help bridge connections between different local government agencies...

View this resource →
Article

How local governments can get ahead of their threat opponents

Read our expert opinion on cyberattacks and concerned cybersecurity measures in conversation with the Center for Digital Government.

View this resource →
Service

Explore a cyber insurance assessment

Mitigate risks and optimize your defense

View this resource →

Let's talk!

Interested in learning more? We'd love to connect and discuss the impact CAI could have on your organization.

All fields marked with * are required.
Please correct all errors below.
Please agree to our terms and conditions to continue.

For information about our collection and use of your personal information, our privacy and security practices and your data protection rights, please see our privacy policy and corresponding cookie policy.