Why “Gotcha” Phishing Tests Let Us Down
One-off stunts and shame-based drills do more harm than good. Here is a kinder, smarter way to teach people to spot scams.
Cybersecurity Awareness Month: Building a cyber strong America
Throughout the month of October, this national campaign highlights the importance of the many entities in the supply chain that support and sustain vital services we rely on every day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially kicked off Cybersecurity Awareness Month 2025 with the theme “Building a Cyber Strong America.”
Throughout the month of October this national campaign highlights the importance of state, local, tribal and territorial (SLTT) governments, small and medium businesses, and the many entities in the supply chain that support and sustain vital services every one of us relies on, every day, like water, power, communications, food, and finance.
At a time when nation-state backed cyber threats continue to increase, CISA is providing the tools and resources to empower critical infrastructure and supporting organizations to protect their digital systems and networks. This October, CISA asks every organization to strengthen their cyber defenses to secure the systems and services that drive the nation’s security, economy, and everyday life.
“Critical infrastructure – whether in the hands of state and local entities, private businesses, or supply chain partners – is the backbone of our daily lives,” said Acting CISA Director Madhu Gottumukkala. Whenever it’s disrupted, the effects ripple through communities across America. That’s why this year CISA is prioritizing the security and resilience of small and medium businesses, and state, local, tribal, and territorial government (SLTT) that facilitate the systems and services sustain us every day. This includes things like clean water, secure transportation, quality healthcare, secure financial transactions, rapid communications, and more. Together, we must make resilience routine, so America stays safe, strong, and secure.”
Cyber threats never take a day off. CISA urges every organization to take concrete actions to identify and secure the systems and services that make America a great place to live and do business.
Four Cybersecurity Best Practices Everyone Should Adopt:
The following four practices are the foundation of organizational cybersecurity and should be as automatic as buckling a seatbelt:
- Recognize and report phishing: Stop scams before they spread.
- Require strong passwords: Long, random, unique passwords protect accounts.
- Turn on multifactor authentication (MFA): Add a vital layer of defense.
- Update software: Patch known vulnerabilities before attackers exploit them
Additional Steps Organizations Can Take to Boost Resilience:
- Enable system logging on your systems: Detect suspicious activity.
- Back up data: Speed recovery when incidents occcur.
- Encrypt sensitive information: Render stolen data useless by keeping it locked and unreadable. Make encryption part of your security strategy.
- Adopt a .gov domain: (for government entities) this enhances security, trust and credibility.
This October, CISA is calling on every sector in the nation to join the mission: Building a Cyber Strong America starts with you.
For no-cost resources, toolkits, and practical guidance visit cisa.gov/cybersecurity-awareness-month.
