Cyber Security Awareness Month - October 2023

This year is the 20th anniversary of Cyber Security Awareness Month. It runs every October and is an opportunity for companies to highlight the importance of security to their business operations and their customers. It can be a dedicated month for talking about risks faced by your organisation; a chance to inject some fun into your security program; or an opportunity to raise the visibility of your commitment to protecting your customers from data breaches.

What's this year's theme?

This year the US-based Cybersecurity and Infrastructure Agency (CISA) has set four topics for Cyber Security Awareness Month, these are:

Use strong passwords and password managers

The UK’s National Cyber Security Centre (NCSC) recommends using strong passwords to protect your systems and information.

The NCSC’s guidance suggests using ThreeRandomWords to create passwords.

It is no longer recommended to mandate upper and lower case, a number, and a special character or to change the password regularly (i.e., every 30, 60, 90 days).

Turn on multi-factor authentication

Multi-factor authentication provides an extra layer of defence against attackers looking to access your systems and steal your information.

Multi-factor authentication comes in many forms:

1) a text message or call to a registered phone number

2) an authenticator app

3) a physical token

Recognise and report phishing

Phishing is still one of the most widely used method of attacking companies. Whether it is to gain access, steal your data or deploy ransomware, attackers send out millions of these emails every year hoping that someone will click on or interact with the email and its contents.

You can get more specific phishing attacks called ‘Whaling’ and ‘Spear phishing’ that target specific users in your company (i.e., CEO, CFO)

Update software

Unpatched or out-of-date software can lead to attackers gaining access to your systems, information, customers, and money.

Companies are regularly breached through the use of out-of-date and unsupported software. Two recent UK examples are the Electoral Commission and a defence contractor, both of whom had sensitive information stolen and have spent a lot of time trying to resolve and recover.

Have you created a CSAM 2023 program?

If so, that’s great – we look forward to hearing about what companies have been doing during the month.

If not, now is the perfect time to start thinking about it! It can be difficult to come up with ideas, or you might not have enough time or resources to dedicated to developing a program and all the content to get the most out of it. If that’s the case, let us help.

Our team of cyber security and education professionals are ready to help you achieve the most from CSAM 2023. We can create an events schedule, develop dedicated and organisation-specific content to help you achieve your goals, and even manage and deliver a whole month’s worth of content to your users.

Cookie	Duration	Description
__stripe_mid	1 year	Stripe sets this cookie cookie to process payments.
__stripe_sid	30 minutes	Stripe sets this cookie cookie to process payments.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Principle Defence

Principle Defence