This month is the 21st annual Cybersecurity Awareness Month, cosponsored by the Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance. This year’s theme is “Secure Our World,” continuing what will now be the recurring theme.
Cybersecurity awareness by all users is a critical part of effective cyber defense. CISA has reported that 90% of successful cyberattacks start with a phishing email. Verizon’s Data Breach Investigation Report has reported that about 68% of attacks involve a human element (excluding malicious misuse that would not be impacted by security awareness). Users can make a big difference!
Every user from the newest hire to senior management has a role in effective cybersecurity. Training is critical. The goal should be to promote constant security awareness, by every user, every day, every time they’re using technology, including staying focused and avoiding multitasking and distractions. Users should be aware of current threats and how to protect against them; know what to do if there’s an incident; and know how to get answers to questions. This month is a good time to provide a refresher to users, followed by periodic repetition.
This year’s tips include:
- Use strong passwords
- Turn on MFA (multifactor authentication)
- Recognize and report phishing
- Keep systems and software up to date and fully patched
These tips can both explain these measures and why the business requires them and promote security at home.
This Cybersecurity Awareness Month is also a good time to review and update your training program (or to implement one if you don’t have a program).The review should include any changes in applicable requirements and standards, like the HIPAA Privacy Rule (§164.530(b) and Security Rule (§164.308(a)(5) and the Center for Internet Security’s CIS Critical Controls v8.1 (Safeguard 14 Security Awareness and Training).
