Cybersecurity and Infrastructure Security Agency (CISA) announced the kickoff of the 20th Cybersecurity Awareness Month. Throughout October, CISA and the National Cybersecurity Alliance (NCA) will focus on ways to “Secure Our World” by educating the public on how to stay safe online. “Secure Our World” will also be the enduring theme for throughout the year as security leaders work to drive behavioral change around core cybersecurity habits by providing everyone with the knowledge and tools they need. 

This October and year-round, CISA challenges everyone to help secure the world by adopting four steps that everyone can take to stay safe online:  

• Use strong passwords that are long, random, and unique to each account, and use a password manager to generate them and to save them. 

• Turn on multifactor authentication on all accounts that offer it. More than a password is needed on the most important accounts, like email, social media, and financial accounts.  

• Recognize and report phishing. Be cautious of unsolicited emails or texts or calls asking for personal information, and don't click on links or open attachments from unknown sources. 

• Update software. In fact, enable automatic updates on software so the latest security patches keep devices people are connected to continuously up to date. 

Additionally, CISA has developed guidance for specific audiences, including:  

• Individuals and families: CISA is emphasizing the importance of securing personal accounts, offering guidance on personal device safety, safe internet browsing practices, social media usage and protecting personal information online.   

• Small and medium-sized businesses (SMBs): SBMs face unique challenges, so CISA is working to help them Secure Our World by offering tools and resources that can help boost SMB’s cybersecurity defenses and minimizes the risk of data breaches or cyber-attacks, making not only our businesses, but our communities safer.  

• Tech manufacturers: Tech companies can do their part by implementing security features built-in by design. Default settings should have the highest security measures implemented, and individuals can manually bypass security features if they don’t want them. Users should not have to opt-in to necessary security measures.