Cybersecurity awareness month: Protection starts with people

While security technologies have advanced over the years to detect and prevent many cyber threats, no organization is bulletproof. Not only do cyber breaches expose sensitive information, but they can come with a hefty price tag too—the average cost of a breach in the U.S. is $10.22 million, racked up by high regulatory fines, detection and escalation costs and other losses.

Human teams and fallible processes make up critical portions of any organization’s protective barrier, and with 60 percent of recent breaches involving a human element, it’s clear that breakdowns in processes and the “human firewall” continues to be a target for bad actors to exploit and circumvent technical protective measures.

Best practices: Smarter habits, safer systems

October marks Cybersecurity Awareness Month, making it the perfect time to reassess processes and review strategies to protect both personal and organizational data.

1. Here phishy, phishy: Be aware of AI-enhanced social engineering schemes

Phishing is the most common (and most costly) initial course that attackers use to gain access to systems. With the AI boom, phishing schemes have evolved to be quite convincing and increasingly harder to spot. Despite the growing sophistication, core protection strategies remain reliable:

• Check the sender’s email domain carefully before responding to unexpected emails.
• Hover over links to verify destinations before clicking.
• Confirm unusual emails or attachments with the sender directly.
• Follow established protocols and, when in doubt, consult your security team.

The biggest red flags of a phishing email are when it’s asking for sensitive information, urging you to take immediate action, or requesting you to go outside of established processes or protocols.

2. Practice squeaky clean password hygiene

Passwords are still the primary way of authenticating to online services, from lower-risk services like streaming your favorite show to accessing company resources. Password reuse, aka when you use the same passwords across multiple sites, puts your information at risk when a data breach occurs as bad actors can cross-check the compromised credentials to access your accounts on other sites.

Here are some practical tips to help with password management:

• Longer is better: Passwords should be at least 16 characters long, unique to each site and reinforced with complexity.
• Tweak by platform: If you have a favorite password or passphrase, add the site or app name to a base passphrase for uniqueness.
• Utilize a password manager: A password management tool (such as KeePass) simplifies generating and storing credentials.
• Enable multi-factor authentication (MFA): Implementing MFA adds a crucial secondary layer of protection through an authentication app, SMS code or biometrics. This means that even if a password is compromised, MFA can effectively block unauthorized access.

3. Don’t hit “snooze” on software updates

Mobile and desktop apps often deliver urgent security patches. No matter your operating system, software updates should be made as soon as they’re available. After all, many software updates are created to fix security risks. Being proactive with software updates ensures that you benefit from the latest defense. Here are some tips for staying vigilant:

• Turn on notifications for software updates.
• Don’t wait—install updates ASAP.
• Turn on automatic updates to get protected faster.

4. Take precautions with not-so-public wi-fi

While public networks are convenient, they lack many of the protections available through private networks. When handling sensitive information, always use a VPN (virtual private network) to encrypt your session. If a VPN isn't available:

• Stick to HTTPS‑secured websites: These encrypt the information you exchange with the site.
• Not sharing is caring: Disable file and folder sharing when connecting in public spaces.
• Forget about it: Select “Forget This Network” after using public networks to prevent automatic reconnections.

Embedding security into everyday practice

For any organization, security should be part of the culture, driven by engaging, human‑centered training to build a strong “human firewall.” Here are some core principles to follow:

• Make training relatable and fun: Utilize creative campaigns (e.g. themed events or gamified scenarios) to increase retention and enthusiasm.
• Use positive reinforcement: Highlight and reward departments or individuals who excel at phishing detection or security participation.
• Consistent multi-channel communication: Leverage email, chat or even video filmed by team leaders to keep interest.
• Highlight emerging threats: Regularly update employees on new tactics, such as AI‑assisted phishing or social engineering scams.

This approach shifts security from being perceived as a burden to becoming a set of ingrained habits and shared responsibility.

Key takeaways

• Recognize and report phishing: Phishing remains the top threat method
• Use strong, unique passwords: Helps minimize risk from credential reuse
• Enable MFA on all accounts: Adds critical secondary layer of protection
• Keep software updated: Fixes vulnerabilities before they can be exploited
• Use VPN/public Wi‑Fi safeguards: Protects sensitive data during remote access
• Cultivate ongoing awareness culture: Security becomes second nature through engagement

Cybersecurity Awareness Month is more than a reminder: it’s an opportunity to reinforce a culture of shared responsibility. Protecting sensitive data starts with empowered people and smart processes. By staying informed, practicing vigilance and embracing security-first habits, businesses can significantly help reduce their risk of attack.