Cybersecurity Awareness Month

About

Since 2004, the President of the United States and Congress have declared the month of October to be Cybersecurity Awareness Month, a dedicated month for the public and private sectors, and tribal communities to work together to raise awareness about the importance of cybersecurity. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) are partnering to create resources and messaging for organizations to use when they talk with their employees, customers, and memberships about staying safe online. 

2023 marks the 20^th annual Cybersecurity Awareness Month and this year CISA is launching a new awareness program that will encourage 4 simple steps every American can take to stay safe online.  Simple actions we should all take not only during Cybersecurity Awareness Month, but every day throughout the year. 

The new theme for the campaign will be announced in time for Cybersecurity Awareness Month. In the meantime, we encourage you to incorporate the 4 simple steps into your own campaigns: 

• Use strong passwords and a password manager: Strong passwords are critical to protecting data. They are long, random, unique, and include all four-character types (uppercase, lowercase, numbers, and symbols). Password managers are a powerful tool to help you create long, random, and unique passwords for each of your accounts. Plus, they make storing passwords and user IDs easy.
• Turn on multifactor authentication (MFA): You need more than a password to protect your online accounts and enabling MFA makes you significantly less likely to get hacked. Enable multifactor authentication on all your online accounts that offer it, especially email, social media, and financial accounts and use authentication apps or hardware tokens for added security. Learn more about multifactor authentication.
• Recognize & report phishing: Phishing emails, texts, and calls are the number one way data gets compromised. Be cautious of unsolicited emails, texts or calls asking for personal information. Avoid sharing sensitive information or credentials over the phone or email unless necessary and don’t click on links or open attachments sent from unknown sources. Verify the authenticity of requests by contacting the individual or organization through a trusted channel. Report phishing attempts to the appropriate authorities or IT department. Learn to recognize the signs of phishing and report these incidents to protect data and devices.
• Update software: Ensuring your software is up to date is the best way to make sure you have the latest security patches and updates on your devices. Regularly check manually for updates if automatic updates are not available and keep operating systems, antivirus software, web browsers, and applications up to date.

Become a Cybersecurity Awareness Month Partner!

Partnering with CISA for Cybersecurity Awareness Month is a great way for us to work together and share the importance of reducing risks when we are online or using devices connected to the internet. As a partner your organization will receive free resources to help it create its own campaign and promote participation in Cybersecurity Awareness Month by employees, customers, the public, friends, and family.  Become one of our partners and help promote a safer, more secure, and more trusted internet.

For more information, and to become a Cybersecurity Awareness Month partner, email us at AwarenessCampaigns@cisa.dhs.gov

Ways to Get Involved

Online

• Follow CISA on Twitter, LinkedIn, Facebook and YouTube to receive the latest news and resources.
• Post online safety tips and contribute your own advice and resources to social media by using the hashtag #CybersecurityAwarenessMonth!

At Home 

• Share helpful tips and resources with friends and family, especially vulnerable groups like seniors.
• Hold a family “tech talk” and discuss how each family member can protect their devices, accounts, and personal information.
• Share tip sheets, print resources, and display them in areas where family members spend time online. 

At Work, at School, and in Your Community

• Send an email to colleagues, employees, customers and/or your school about Cybersecurity Awareness Month. Outline how your organization will be involved. Highlight the 4 simple steps. 
• Encourage your organization to share the 4 simple steps and cybersecurity advice on your social media accounts encouraging customers and employees to stay safe online.
• Host a poster or video contest for students or employees where in which participants create informative, online safety resources. Display the winning entries at school or share them with your community.
• Incorporate Cybersecurity Awareness Month into your organization’s newsletter or employee required training.  
• Host a local or virtual event or training for your organization. Discuss smart security practices, relevant cybersecurity issues, and allow participants to ask pressing cyber-related questions.
• Conduct a mock phishing simulation with employees. Remember to reward positive behavior! Not to punish for mistakes. Consider providing small prizes to those who perform well and are engaged in activities.
• At the end of the month, send employees an email highlighting your activities, results, and successes. Recap best practices learned throughout the month.

Consider volunteering at a community center, senior center, school, library, or scout troop to teach others about how they can stay safe online.