Checklist 298: Are You Even Aware What Month It Is?

This week’s Checklist is all about Cybersecurity Awareness Month 2022!

The perils and the power of people

October is Cybersecurity Awareness Month, and for 2022, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) have chosen a theme of “See Yourself in Cyber.”

CISA says that the reason for this year’s theme is that even though “…cybersecurity may seem like a complex subject, ultimately, it’s really all about people.”

That’s more than just a feel-good message. It’s an observable fact with serious cybersecurity implications — sometimes negative ones.

Verizon’s 2022 Data Breach Investigation Report, for example, found that 82% of all breaches involved a “human element” in some form or another. A recent piece in The Register cites IBM’s 2022 Cost of a Data Breach report, which found that “the two most common initial attack vectors were compromised credentials (19% of breaches) and phishing (16%).”

That’s concerning, of course, but it’s also cause for hope, because it means that individuals can have a real impact on security at work, school, and home. 

For this reason, CISA and NCA are highlighting four key ways to improve security this month:

• Recognize and Report Phishing
• Update Your Software
• Use Strong Passwords and Password Managers
• Enable Multi-Factor Authentication

Seeing yourself (and others) in cyber

If you’re a Checklist listener, you know that these topics are close to our heart. For years, we’ve stressed the importance of:

• Knowing how to spot phishing attacks
• Using strong, unique passwords
• Turning on two-factor authentication (2FA)
• Regularly updating your software

We’ve also seen why it’s necessary to reemphasize these fundamental security messages — because a lot of people clearly still need to hear them!

The bottom line is this: When it comes to solving the “people problem” in cybersecurity, sharing and repetition are extremely powerful tools. 

So to share CISA and NCA’s core message for this year’s Cybersecurity Awareness Month:

For individuals and families, we encourage you to See Yourself taking action to stay safe online. That means enabling basic cyber hygiene practices: update your software, think before you click, have good strong passwords or a password keeper, and enable multi-factor authentication (meaning you need “More Than A Password!”) on all your sensitive accounts. 

This month, we’d also encourage you to share what you know about cybersecurity with the people in your life. We’ve done a couple of episodes about how to talk to loved ones about security and privacy issues, including Checklist 62: Talking to Your Parents About Computer Security and Checklist 63: Scams that Target the Elderly. The SecureMac blog also has a guide to helping people with cybersecurity.

If you’d feel more comfortable sharing resources rather than advice, staysafeonline.org is a great option. It’s the website of the National Cybersecurity Alliance, and includes an excellent (and extensive!) Online Safety + Privacy Basics guide. 

Lastly, if you enjoy The Checklist and find value in it, then please tell folks you know about the podcast. We’ll talk to them about cybersecurity and privacy…so you don’t have to!