It’s appropriate that National Cybersecurity Awareness Month ends on Halloween. With all the scary things out there, cyber attacks should be at the top of the list. This year’s theme is See Yourself In Cyber and focuses on four best practices. The goal? Helping organizations better communicate to their users and help them stay cyber-safe.

As the event’s founder, the National Cybersecurity Alliance states: “Cybersecurity Awareness Month, every October, is a collaboration between government and private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime.”

Cybersecurity awareness starts with education

User education has always been seen as a critical part of any cybersecurity plan. That’s because most cyber attacks still start with phishing, usually as an email trying to lure the user into giving up their password or other critical information. Those emails used to be easy to spot due to poor grammar, odd language use, or weird formatting. But cyber criminals have gotten much more sophisticated, creating very targeted and legitimate-looking emails. To combat this, increasing cybersecurity awareness through advanced user education, including specific guidance, is a must.

It’s also more important for the security team to have the right tools to support their users by detecting malware and abnormal behavior. Cybersecurity is a team sport. That’s why See Yourself In Cyber is a great theme to emphasize that everyone, regardless of their workplace role, can play a part to protect themselves and their organization.

Best practices for cybersecurity awareness month

In previous years, National Cybersecurity Awareness Month has had weekly themes. This year the focus is on four key behaviors that are more important than ever and that everyone should be practicing. None of these best practices are new, but they have all become particularly relevant lately. Here’s why:

  • Enabling multi-factor authentication is one of the most effective deterrents to account take-over, but in several recent breaches, the attackers used social engineering to trick users into performing or providing them the second factor.
  • Using strong passwords and a password manager has become more necessary because attackers can more easily crack them with improved technology and social engineering. Password guidelines now recommend using at least 12 characters and it is more critical than ever to use different passwords for every site.
  • Updating software is worth a reminder. It has always been important, but many users are complacent: they’re tired of closing down all of their apps to reboot and complete the updates. But software vulnerabilities are being exploited by attackers more quickly than ever, so the updates that patch them need to be applied more quickly too.
  • Recognizing and reporting phishing is harder now, so users need heightened cybersecurity awareness. This includes better training plus encouragement to constantly look out for the sophisticated techniques used. And by reporting phishing attempts to their IT department or their service provider, they help protect others.

Defeat the cyber goonies with these great resources

You can find more info about these four best practices, plus some great pointers on how to protect yourself, by visiting Cisco’s Cybersecurity Awareness Month Hub and the National Cybersecurity Alliance. Working together to protect ourselves does not end on Halloween, but hopefully we can end National Cybersecurity Awareness Month with all of us better informed and less afraid.



Peter Romness

Cybersecurity Principal, US Public Sector CTO Office