Held every October, Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.
The Cybersecurity and Infrastructure Security Agency (CISA) is the federal lead for Cybersecurity Awareness Month. CISA co-leads Cybersecurity Awareness Month activities, messaging, and events with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness.
The overarching theme for 2020 is “Do Your Part. #BeCyberSmart.” The theme empowers individuals and organizations to own their role in protecting their part of cyberspace, with a particular emphasis on the key message for 2020: “If you connect it, protect it.” If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.
If You Connect it, Protect It.
This year’s main effort is to encourage all Americans to take proactive steps to enable lasting, positive cybersecurity behavior change at home and at work. Protecting against cyber threats is a critical challenge for organizations of all sizes in both the public and private sectors and serves as a constant reminder of the need to promote cybersecurity awareness across the Nation. NCSAM highlights the importance of empowering citizens, businesses, government, and schools to improve their cybersecurity preparedness. It reminds us that being more secure online is a shared responsibility and creating a safer cyber environment requires engagement from the entire American community.
Throughout October, NCSA will focus on the following areas in our promotions and outreach. Partners are welcome to follow along with NCSA but also encouraged to create their own areas of focus relevant to their organization:
October 1 and 2: Official kick-off for the month
The National Cyber Security Alliance, in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), invites you to participate in Cybersecurity Awareness Month 2020 this October as we encourage all users to own their role in protecting connected devices. “Do Your Part. #BeCyberSmart.”
Week of October 5 (Week 1): If You Connect It, Protect It
If you connect it, protect it. The line between our online and offline lives is indistinguishable. This network of connections creates both opportunities and challenges for individuals and organizations across the globe. The first week of Cybersecurity Awareness Month will highlight the ways in which internet-connected devices have impacted our lives and will empower all users to own their role in security by taking steps to reduce their risks.
Week of October 12 (Week 2): Securing Devices at Home and Work
2020 saw a major disruption in the way many work, learn, and socialize online. Our homes are more connected than ever. Our businesses are more connected than ever. With more people now working from home, these two internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of. Week 2 of Cybersecurity Awareness Month will focus on steps users and organizations can take to protect internet connected devices for both personal and professional use.
Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare
The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, speed of crisis response, and much more. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing amount of third parties entering the health supply chain has created many benefits, but has also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit. The third week of Cybersecurity Awareness Month will delve into the industry (hospitals, care facilities) and consumer (telemedicine patients), implications of internet-connected device use, and what steps both can take do their part and #BeCyberSmart.
Week of October 26 (Week 4): The Future of Connected Devices
The final week of Cybersecurity Awareness Month will look at the future of connected devices. This week will look at how technological innovations, such as 5G, might impact consumers’ and business’ online experiences (e.g. faster speeds and data transmission, larger attack surface for hackers), as well as how people/infrastructure can adapt to the continuous evolution of the connected devices moving forward. No matter what the future holds, however, every user needs to be empowered to do their part.
Do Your Part:
You and your organization can help promote Cybersecurity Awareness Month in multiple ways. Start by becoming a Cybersecurity Awareness Month Champion. You’ll receive a toolkit outlining key messaging, important information, and ways to promote. The toolkit has a wealth of resources to engage and promote the core theme and critical messages leading up to and throughout October. As the slide illustrates, it includes great ideas for activities and events; sample posts for Facebook, Twitter, and Instagram; customizable talking points, blog posts, email content; and much more. Also on that site, you can download the new Cybersecurity Awareness Month logo to co-brand your products.
Other ways to get involved:
- Join in the conversation online. Tag all of your Cybersecurity Awareness Month posts with #BeCyberSmart
- Contribute a guest blog to staysafeonline.org. Contact: email@example.com
- Align your October events by designating them as a “Cybersecurity Awareness Month Partner Event*” and submit your event to NCSA’s community calendar.
*Criteria for hosting a Partner Event will be included in the Champion toolkit
- Use the new Cybersecurity Awareness Month logo to co-brand digital materials with Cybersecurity Awareness Month (infographics, resources, emails, etc.)
Every individual should own their role in protecting their information and securing their systems and devices. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional. Below, NCSA highlights eight tips you can put into action now:
- LOCK DOWN YOUR LOGIN Make a long, unique passphrase. Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember. Use 2-factor authentication or multi-factor authentication (like biometrics, security keys or a unique, one-time code through an app on your mobile device) whenever offered.
- WHEN IN DOUBT, THROW IT OUT Links in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cyber criminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Essentially, just don’t trust links.
- KEEP A CLEAN MACHINE Keep all software on internet connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
- BACK IT UP Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2- 1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
- OWN YOUR ONLINE PRESENCE Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
- SHARE WITH CARE Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share
- GET SAVVY ABOUT WIFI HOTSPOTS Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
Cybersecurity Awareness Month: https://staysafeonline.org/cybersecurity-awareness-month/
COVID-19 Security Resource Library: https://staysafeonline.org/covid-19-security-resource-library/
Security Awareness Videos: https://staysafeonline.org/resource/security-awareness-episodes/
The STOP. THINK. CONNECT.™ Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. For additional information on STOP. THINK. CONNECT.™, visit https://www.dhs.gov/stopthinkconnect.
- The National Cyber Security Alliance (NCSA) builds strong public and private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work, and school with the information they need to keep themselves, their organizations, their systems and their sensitive information safe and secure online and encourage a culture of cybersecurity.
- Powered by the U.S. Department of Homeland Security, the “BeCyberSmart” campaign is designed to inspire the younger generation of Americans to take responsibility for their own cyber safety. Learn about cybersecurity basics, common scams, and how to report cybersecurity incidents by visiting the campaign online.
- CISA’s CYBER ESSENTIALS is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices. For a deeper look and greater insight, check out the Cyber Essentials Toolkits, a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential.
- CISA’s Telework Guidance and Resource site is a one stop shop for CISA resources to assist organizations and teleworks be secure when working remotely.