October is Cybersecurity Awareness Month – It’s a good time to update your training program
Authors
Melissa K. Ventrone, David G. Ries
This month is the 22nd annual Cybersecurity Awareness Month, cosponsored by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance. CISA’s theme this year is “Building a Cyber Strong America.”
Cybersecurity awareness by all users is a critical part of effective cyber defense. CISA has reported that 90% of successful cyberattacks start with a phishing email. Verizon’s Data Breach Investigations Report has reported that about 60% of attacks involve a human element (excluding malicious misuse that would not be impacted by security awareness). User awareness can make a big difference in security.
Every user, from the newest hire to senior management, has a role in effective cybersecurity. Training is critical. The goal should be to promote constant security awareness, by every user, every day, every time they’re using technology, including staying focused and avoiding multitasking and distractions. Users should be aware of current threats and how to protect against them, know what to do if there’s an incident, and know how to get answers to questions.
This month is a good time to provide a refresher to users, followed by periodic repetition. This Cybersecurity Awareness Month is also a good time to review and update your training program (or to implement one if you don’t have a program). The review should include changes in applicable federal and state requirements and industry standards.
This year’s tips include:
- Update software
- Use strong passwords and a password manager
- Turn on multifactor authentication whenever possible
- Recognize and report phishing
Training on these tips can explain the measures, why the business requires them, and how they promote security at home.
If you have questions about the content of this alert, please contact David Ries (dries@clarkhill.com, 412.394.7787), Melissa Ventrone (mventrone@clarkhill.com, 312.360.2506), or another member of Clark Hill’s Data Privacy, Protection, and Cybersecurity Group.