Since 2004, the President of the United States and Congress have declared the month of October to be Cybersecurity Awareness Month, a dedicated month for the public and private sectors and tribal communities to work together to raise awareness about the importance of cybersecurity.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) are partnering to create resources and messaging for organizations to use when they talk with their employees, customers, and memberships about staying safe online.
2023 marks the 20th annual Cybersecurity Awareness Month, and this year CISA is launching a new awareness program that will encourage 4 simple steps every American can take to stay safe online. These are simple actions we should all take not only during Cybersecurity Awareness Month, but every day throughout the year.
In the meantime, CISA encourages everyone to incorporate these 4 simple steps into their cybersecurity campaigns:
- Use strong passwords and a password manager: Strong passwords are critical to protecting data. They are long, random, unique, and include all four character types (uppercase, lowercase, numbers, and symbols). Password managers are a powerful tool to help you create long, random, and unique passwords for each of your accounts. Plus, they make storing passwords and user IDs easy.
- Turn on multifactor authentication (MFA): You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked. Enable multifactor authentication on all your online accounts that offer it, especially email, social media, and financial accounts, and use authentication apps or hardware tokens for added security. Learn more about multifactor authentication.
- Recognize & report phishing: Phishing emails, texts, and calls are the number one way data gets compromised. Be cautious of unsolicited emails, texts or calls asking for personal information. Avoid sharing sensitive information or credentials over the phone or email unless necessary and don’t click on links or open attachments sent from unknown sources. Verify the authenticity of requests by contacting the individual or organization through a trusted channel. Report phishing attempts to the appropriate authorities or IT department. Learn to recognize the signs of phishing and report these incidents to protect data and devices.
- Update software: Ensuring your software is up to date is the best way to make sure you have the latest security patches and updates on your devices. Regularly check manually for updates if automatic updates are not available and keep operating systems, antivirus software, web browsers, and applications up to date.

