What Is Cybersecurity Awareness Month (NCSAM)?

Share :

It is October, so you know what that means—leaves are falling, Halloween is here, and all eyes turn to… cybersecurity. 

What Is Cybersecurity Awareness Month (NCSAM)? 

Observed each October, National Cybersecurity Awareness Month (NCSAM) was first launched in a collaborative effort between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security. Today, it continues to be an important collaboration between government and industry in the months up to and throughout October. Each year focuses on core themes to raise awareness about cybersecurity issues and explain what resources can help.

Four Excellent Cybersecurity Awareness Resources

1. The Complete Security Awareness Program Plan and Strategy Guide
Gain actionable guidance and strategy for maturing your security awareness program.

2. Transform Your Security Awareness Training
Arctic Wolf Managed Security Awareness® prepares your employees to recognize and neutralize social engineering attacks and human error—helping to end cyber risk at your organization.

3. How to Calculate the ROI of Security Awareness Training 

The growing number and magnitude of cyber attacks impacts organizations across all sectors, and cyber incidents remain among the top ranked business risks globally Unfortunately, cybersecurity defenses are not keeping up with cyber threats.

4. 6 Biggest Security Awareness Program Challenges—And What to Do About Them
Most organizations provide security awareness education to employees.  But given how often hackers continue bypassing security controls, it’s clear there’s a huge need for improvement. With that in mind, here are some of the biggest challenges for security-awareness programs—and how to solve them.

Cybersecurity Awareness Month

CISA.gov 2022’s Cybersecurity Awareness Month Theme: “See Yourself in Cyber.”

Four Things You Can Do To Be More Secure Online

Week 1. Enable MFA
Week 2. Use Strong Passwords
Week 3. Recognize and Report Phishing
Week 4. Update Your Software

For NCSAM 2022, the 18th annual event, four actions you can take right now highlight the month’s overarching message to “See Yourself in Cyber.” It’s important for every member of every team to understand they play an important role in keeping themselves and their organizations secure.

And while these actions are being shared in October, no one should treat them as ONE & DONE!

Be sure to implement these actions as ongoing practices!

Week 1. Enable Multi-factor Authentication (MFA) 

Multi-factor Authentication is an important and effective security tool when properly used.


  • Only approve an MFA request if you triggered it. 
  • Do not ever share your MFA code with someone requesting it. 
  • If you change your phone number, be sure to update your MFA contact info immediately. 
  • If you are receiving MFA notifications over and over be especially suspicious and report the activity to your IT team. 

For more, take a deeper look into MFA

Week 2. Use Strong Passwords 

Did you know that 81% of data breaches are caused by stolen or weak passwords? Creating strong passwords is key to keeping the bad guys at bay. 

Here are a few  security awareness guidelines help you elude the password-pirates: 

  • Be creative with your passwords.
  • Never use a default password. Not even for your IP-connected webcam.
  • Create passwords that are at least 12 characters in length. Include letters, numbers, and symbols (*$%^~_+). This will fend off brute-force attacks.
  • If you have a biometric option (i.e. fingerprint), use it. 
  • Change your passwords (even if they’re strong) every six months to a year. 
  • Use a password manager. If you’re an IT manager, make that mandatory for employees. 
  • Always lock your mobile devices when unattended. 
  • Check app permissions frequently. 
  • Don’t share your passwords and never write them down!  

Week 3. Recognize and Report Phishing 

The third action for cybersecurity awareness month involves maintaining a watchful eye with a splash of suspicion. The bad guys can only trick you if they get your attention, and they are trying very hard to do just that! They will come after you with text messages (smishing), emails (phishing), and/or phone calls (vishing).

So it’s up to you to be examine each message you receive with some suspicion. 

  • Double check the email address of the sender. 
  • Slow down when a message seems urgent. Don’t skip over being careful because the sender is asking you to hurry. 
  • Don’t blindly trust the links in a message. Instead, visit websites manually from a new browser. 
  • Be suspicious of messages you weren’t expecting. 
  • Don’t download attachments from unknown senders or from anyone you weren’t expecting an attachment from. 
  • Always consider context, even for messages from known senders. Does Mike from accounting usually send attachments with no text in the body at 10:30 p.m.? 
  • If an executive requests personal information or a money transfer over email, confirm that request in person or via phone. 
  • Whenever in doubt, report it to your IT team. 
  • Stay up to date on the most recent tactics. 

Week 4. Update Your Software 

The fourth practice for cybersecurity awareness month also needs to be focused on year-round.
While it may seem inconvenient to keep your software updated because it always happens at the wrong time, it’s important to not delay!

Many software updates include security updates. That means if you don’t follow through with the updates, you could be leaving vulnerabilities open that allow bad guys to take advantage and control of your systems.

But be careful and suspicious because the bad guys will even push messages to you that seem like software updates or repairs.

Here are a few more tips for keeping your software up to date: 

  • Know where you should go to find out if your software needs updating. Don’t just trust any pop up or email, “Your system is infected, scan now.”
  • Consult your IT department and follow their instructions for keeping your software up to date.
  • Only download or run updates from trusted sources.
  • If you’re on the IT team, run your updates/patches proactively 

Learn more about these four topics, plus many more handy resources on our dedicated page October is Security Awareness Month

Nathan Caldwell

Nathan Caldwell

Nathan Caldwell has been a marketing leader in the tech world for nearly 10 years. He served as the producer and head of video marketing for one of the largest MSP software companies, where he was a keynote producer and coached tech leaders in executive speaking. In his latest adventure, he helped create Arctic Wolf’s Managed Security Awareness solution. When not fighting cyber bad guys Nathan loves to speak about his book, Empowering Kindness, and enjoys taking his four kids to theme parks.
Share :
Table of Contents
Subscribe to our Monthly Newsletter