Established in 2004 by the U.S. government, Cybersecurity Awareness Month is a global initiative dedicated to promoting online safety.
This annual event encourages individuals, businesses, and governments to take proactive steps to reduce their vulnerability to cyber threats. The core principles of Cybersecurity Awareness Month revolve around four essential practices:
- Recognizing phishing attempts: Be wary of suspicious emails, texts, or calls that request personal information.
- Using strong passwords: Create complex passwords that are difficult to guess and avoid using the same password for multiple accounts.
- Enabling multi-factor authentication (MFA): Add an extra layer of security by requiring a code from your phone or another device to log in.
- Updating software: Keep your devices and software up-to-date with the latest security patches.
Here’s what our experts had to say on this:
Don Boxley, CEO and Co-Founder, DH2i
“While virtually every organization is aware of cyber threats all year long, Cybersecurity Awareness Month serves as a great reminder of the increasing sophistication and frequency of attacks. Despite cybersecurity being a top priority for businesses around the world, many still overlook the huge risk imposed by something as simple as outdated technology. For example, virtual private networks (VPNs) were originally designed over two decades ago for a more simplistic era of networking and security. In today’s complex hybrid and multi-cloud world, they represent a significant vulnerability due to their inherent weaknesses – such as excessive trust, reliance on physical infrastructure, and lack of granular access control. In other words, a single compromised VPN can provide an attacker with unlimited lateral attack surface to gain access to a company’s entire network – including its most sensitive data.
“To safeguard against evolving threats, modernization is the key. In the case of upgrading from VPNs, software-defined perimeter (SDP) solutions should be at the top of the priority list. SDP integrates concepts like Zero Trust Network Access (ZTNA) connections to enforce a strategy of least privilege, meaning users and devices can only access the data for which they are specifically authorized. SDP also allows for application-level connectivity which minimizes attack surface and limits lateral movement within the network, further eliminating the risk of large-scale breaches. A select few SDP solutions will even increase your network throughput, benefiting your company as a significant security and performance enhancement.
“So, as you think about how you want to commemorate Cybersecurity Awareness Month this year, may I offer that the most conscientious and diligent way to do so is to simply conduct a review of your IT infrastructure and then initiate a refresh of any dangerously obsolete technology.”
DeeDee Kato, Vice President of Marketing, Foxit
“How often in your business life (or your personal one, for that matter) do you use a PDF to store, share, and/or protect the integrity of information – whether it’s a contract, financial document, or medical record? Did you have to give it some thought? That is likely because PDFs have become so very ubiquitous in our lives – with the majority holding valuable and/or sensitive information whose security is paramount. Therefore, this year, during Cybersecurity Awareness Month, I urge you to take a proactive approach to protecting these documents from unauthorized access and malicious intent.
“Let’s start with the basics. To protect your PDFs you need several common sense security features such as password protection, encryption, and digital signatures to ensure only authorized users can view or edit documents. But you cannot stop there. The ideal PDF solution must also provide advanced redaction tools to permanently remove sensitive information; as well as integrate openly with security solutions to detect, protect, and mitigate malware. And if you really want to sleep at night (and help your C-suite, legal, and compliance departments, too), your PDF solution must support compliance with data privacy and other prevailing industry regulations. In other words, with the right PDF protection in place, you can safeguard your documents, protect your business, and ultimately keep your bottom line secure.”
Larry O’Connor, Founder and CEO, Other World Computing (OWC)
“Cybersecurity Awreness Month is a great time to be reminded that data security is not just one person’s or organization’s responsibility – it must be a collective effort. Likewise, your data’s security cannot be reliant on just one technology serving as protection – a multi-layered defense is the best (and perhaps only) way to ensure success. Certainly, data storage must play a critical role in this strategy. This means we must choose our solutions wisely.
“And when we are considering scalability, availability, performance, and/or price, equal consideration should be paid to protection and security. After all, data storage is about more than just keeping files… It’s about safeguarding what matters to you most – from business records to intellectual property to sensitive employee and/or customer information, all the way to our most precious personal memories. Data is more than just zeros and ones; it’s the digital embodiment of our stories, innovations, and the foundation of our future.”
James Greenwood, Regional Vice President, Technical Account Management at Tanium
“As we discuss Cybersecurity Awareness month, a lot of IT teams are inevitably feeling stretched. A combination of skills shortages and shrinking budgets means burnout is rife across the industry. In cybersecurity, this can quickly lead to human errors that open up an organisation to increased risk. Automation is one way to overcome this growing issue. Automation will change the IT workforce for the better by leading to reduced human error, lowering burnout rates and improving work-life balance. For example, most patching today needs to happen outside of regular working hours due to systems having to be shut down for hours at a time. With automated patching, this would no longer be the case, leading to happier, more productive teams that are less likely to make mistakes that could cost their company millions.
“This Cybersecurity Awareness month, organisations should be thinking about how they can leverage automation tools to support critical tasks, from endpoint monitoring to compliance auditing and patching. This won’t just save resources and reduce burnout but will reduce the overall risk involved in manual cybersecurity processes.”
Simon Berglund, Senior Vice President and General Manager for APAC, Diligent
“Cybersecurity Awareness Month is an opportune time to reiterate the critical and accelerating need for proactive governance to address cyber risks. As cyber attacks become more sophisticated, boards and executive teams must prioritise cybersecurity not just as an IT issue, but as a core element of their governance strategy.
“As highlighted by recent legislations, the accountability for cyber failures rests not only on companies but also on individual executives. It’s crucial that organisations implement proactive governance programs, conduct regular risk assessments, and ensure that CISOs are equipped with both the authority and liability protection needed to address these risks effectively. Cybersecurity should be a shared responsibility, requiring collaboration between legal, compliance, and security teams. Regular, transparent reporting to the board and comprehensive employee training programs are essential to minimise vulnerabilities.
“At Diligent, we equip leaders with the tools to stay ahead of cyber risks by offering real-time insights and secure collaboration across governance, risk, and compliance. In today’s fast-changing environment, boards must ask the right questions, engage with cybersecurity experts, and foster a risk-conscious organisational mindset. Cybersecurity isn’t a one-off effort; it’s an ongoing obligation. Now more than ever, it’s critical to build more secure, resilient organisations through an optimised, holistic practice across not only cyber, but all GRC executives and the Board Directors.”
Alyssa Blackburn, Program Manager- Information Management, AvePoint
“High-profile data breaches today are often the result of poorly managed systems and a lack of proper information lifecycle management. While external cyber threats have grown more sophisticated, many breaches stem from outdated or inefficient internal processes. Too often, organisations focus on responding to external threats while neglecting the internal processes that allow those threats to succeed in the first place.
“When critical information isn’t properly classified, retained, or disposed of, organisations are left exposed, increasing the risk of breaches. Stale, ungoverned data becomes a ticking time bomb, ready to be exploited by malicious actors.
‘To address these vulnerabilities, it’s critical for organisations to prioritise optimising their systems and making secure practices intuitive for employees. Cybersecurity shouldn’t be an added burden, but it should instead be seamlessly integrated into everyday workflows. The right thing to do must be the easiest thing to do, reducing the friction employees face when handling data securely.
“Rather than relying solely on employee training or adding extra security tasks, businesses should focus on strengthening their systems and automating data and and simplifying the management of records and information, ensuring compliance and lifecycle governance across cloud-based systems. This proactive approach ensures that security measures are effective and easy to follow, with a strong focus on proper information lifecycle management—ensuring that data is appropriately classified, retained, and disposed of in a timely manner.
“By simplifying security and building resilient, well-managed systems, organisations can better protect themselves from breaches while fostering a culture of cybersecurity awareness and responsibility.”
While Cybersecurity Awareness Month occurs annually in October, the importance of these practices extends far beyond a single month. Cybersecurity is a constant challenge, and everyone has a role to play in protecting themselves and their communities from online threats.
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.