24 Sep Making the most out of Cybersecurity Awareness Month

Anita Byer

October is Cybersecurity Awareness Month. The purpose of this global initiative, which began in 2003, is to raise awareness about online security and empower individuals and businesses to protect themselves against cyber threats. This year’s theme—Building a Cyber Strong America—highlights the need to strengthen the country’s infrastructure against cyber threats, ensuring resilience and security. Unfortunately, after more than 20 years, the need for cybersecurity awareness is arguably greater than ever before. According to the Identity Theft Resource Center, there were 1,732 data breaches and more than 165 million victim notices during the first half of 2025.

The Cybersecurity & Infrastructure Security Agency (CISA), which is the federal lead for Cybersecurity Awareness Month, notes that businesses and organizations without basic cybersecurity precautions make easy targets for bad actors. According to Verizon’s 2025 Data Breach Investigations Report, the human element remains the common link in most (60 percent) data breaches, so enabling employees to identify and thwart cyberattacks is crucial. To reduce the chances of being victimized by a disruptive cyberattack, CISA recommends the following best practices.

• Teach Employees to Avoid Phishing Scams. Phishing tricks employees into opening malicious attachments or sharing sensitive information. Staff should be trained to recognize and report suspicious activity.
• Require Strong Passwords. Strong passwords are a simple and powerful way to block bad actors from accessing accounts through guessing or automated attacks. Strong passwords should be mandatory for all users.
• Require Multifactor Authentication. MFA adds an extra layer of security beyond passwords. Organizations should require all users to activate MFA for all accounts.
• Update Business Software. Outdated software can contain exploitable flaws. Security updates and patches should be installed immediately (or as soon as possible) after being released.
• Monitor System Activity. Logging system activity can reveal that bad actors may be trying to access your data.
• Back Up Data. Put a backup plan in place that aligns with your organization’s recovery point objective to protect your systems and keep things running smoothly.
• Encrypt Data. Encrypting data and devices protects against attacks. Encrypted data remains locked and unreadable even if bad actors gain access to your files.

Implementing, maintaining and updating security policies and procedures is important, but it’s not always enough. Small and medium-sized businesses should have Cyber Perils Insurance Coverage to protect against various cyber threats and liability exposures, including the cost of complying with data breach notice laws. Please contact us if you would like more information about insurance specifically designed to protect against cyber threats and data security breaches.