Cybersecurity Awareness Month was established more than 20 years ago to provide resources to enable organizations and their employees to stay safer and more secure online. It is an opportunity to focus on four key behaviors that will help everyone stay secure throughout the year:

Creating strong passwords and using a password manager

Enabling multi-factor authentication

Updating software

Recognizing and reporting phishing attempts

Each of these key behaviors are necessary to help keep organizations, their clients, and their employees secure.

Securing Digital Assets by Regularly Installing Updates

Monitor for update announcements. Organizations should stay informed of upcoming updates to prepare for rollouts. Create a group email used to subscribe to automatic messages from software vendors, and schedule regular review sessions to discuss and plan for upcoming updates. If a vendor or provider does not send emails with update details, assign a team member to regularly check their website or communicate with the vendor's account manager.

Install all updates as soon as possible. Security updates and patches are released to fix bugs and vulnerabilities in operating systems and devices—any delay in installing updates increases risk by leaving a vulnerability unpatched. After updates are announced, there is a limited amount of time to act before hackers learn how to exploit security issues and bugs.

Enforce updates for mobile devices that connect to the corporate network or access corporate data. Many organizations allow employees to use their personal mobile devices, also known as Bring Your Own Device (BYOD), to check work email and access data. By using a mobile device management system, organizations are able to monitor devices' software versions to help reduce security vulnerabilities. To ensure these devices remain secure, organizations should require employees to regularly update all devices with network access. If employees do not install the most current software version on their devices, the device management system can remove their company access until the device has been updated.

Educate employees about the dangers of delaying or ignoring device updates. Even if an employee's device does not have direct access to company email and data, a compromised personal device could still pose a danger to an organization. For example, employees may sign into corporate email through the web portal on their mobile phones, thus opening up the organization to compromise. Train employees to set up automatic updates for their devices and all apps to increase the organization's and employee's security, especially prior to traveling.

Software bugs and vulnerabilities can open an organization to malware and unauthorized network access. Implementing multiple layers of security—creating strong passwords, enabling multi-factor authentication, and installing updates—helps keep an organization's network and its confidential information secure.

