Since 2004, the president of the United States and Congress have declared October “Cybersecurity Awareness Month,” a time for government and the private sector to equip the public with the resources to be safer and more secure online. The program’s organization falls to the Cybersecurity and Infrastructure Security Agency (CISA), which this year is partnering with the National Cybersecurity Alliance (NCA). The theme of the 2022 campaign focuses on people because while cybersecurity may seem like a complex subject, it’s really all about people.

“To build a more resilient nation, everyone — from K through Gray — has a role to play, which is why our theme for this year’s Cybersecurity Awareness Month is ‘See Yourself in Cyber,'” said CISA Director Jen Easterly. “This October, we are taking this message directly to the American people because whether you’re a network defender or anyone with an internet connection, we all have a role to play in strengthening the cybersecurity of our nation.”

For individuals and families, CISA identified four quick-action steps to establish basic online security practices. These are updating your software, taking the time to think before you click, using good strong passwords or a password manager, and enabling multifactor authentication (this usually requires a one-time code texted to your phone in addition to your account password).

For its part in the “See yourself in Cyber” with employers, CISA representatives said they will be talking with leaders from across the country about how to build a cybersecurity workforce that reflects the diversity of the nation, and one equipped to deal with the increasingly complex and challenging cyber threat landscape.

There are a number of institutions offering discounts on cybersecurity courses this month such as ISACA that is giving 20% off its accredited Cybersecurity Fundamentals Online Review Course. CISA itself offers free accredited courses via its Virtual Learning Portal, some of which are self-paced and others that are instructor-led. CISA also leads in-person training at its facility in Idaho Falls, again at no charge to participants.

CISA is also focusing on collaborating with industrial partners to protect critical infrastructure. This aspect involves real-time operational collaboration, data transparency and sharing, along with an engineering strategy called secure-by-design.

So what can you do? Start by thinking about your role at home and at work. If your employer provides infrastructure such as an internet service provider or you work for a government contractor there may be additional opportunities for you to contribute to your firm’s cybersecurity.

Be a positive role model for your family and your co-workers. Put the cybersecurity basics into place at home and talk about why they’re important. At work, follow the guidance of your information technology team and refrain from complaining. Yes, it can be maddening to answer an email security program’s simple questions such as “Do you think this link is safe?” before you can access a website, but these temporary roadblocks can prevent you from accessing a malicious link even if the chances of it occurring are very small.

Foster an environment of support. We’re all human and can fall for a well-crafted phishing attack or visit a fake website and unknowingly pick up malware. Do not shame the person who has become a victim of a cyberattack or scheme, whether that’s your mother or a co-worker. If people are afraid to report suspicious activity, that could put an entire network at risk or allow criminals the time to do more damage. Avoid blame and focus on actions needed to fix the situation. Depending on the circumstance, encourage the victim to share their experience with other family members so all can learn from it. In an office setting, it may be more appropriate to protect a victim’s anonymity, but still support an open forum where employees can share their experiences.

Be prepared for common incursions. For instance, if someone in your household is hit by a ransomware attack, what should they do? The same goes for an employee network. The compromised device should be immediately disconnected from the network. You should have a backup of all data to keep your personal projects and your business running if possible. For a student, that means storing their school papers in the cloud, while employees should also use secure cloud storage that cannot be accessed by a hacker that has managed to infiltrate the network. Law enforcement advises against paying the ransom.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness, and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.

Newsletter