October is Cybersecurity Awareness Month. During this month, the public and private sectors work together to raise awareness about the importance of cybersecurity.

October 2025 marks the 22nd Cybersecurity Awareness Month. This month serves as a reminder that businesses must stay cybersecure to safeguard company data, protect customers’ personal information and ensure employee privacy.

Here are four strategies from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance that businesses and their employees can use to stay cybersecure throughout the year:

• Use strong passwords and password managers. Cybercriminals are often able to determine or guess simple passwords. Businesses should require employees to use strong passwords for all work-related accounts. Passwords should be at least 16 characters long, random and unique for each account. The use of password managers—secure programs that maintain and create passwords—should be encouraged or required. These easy-to-use programs store passwords and fill them in automatically on the web.
• Implement multifactor authentication (MFA). MFA is a layered approach to securing data and applications. This tool requires a user to present a combination of two or more credentials to verify their identity for login. MFA enhances security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network or database. Businesses should enable MFA on any site or service that offers it.
• Recognize and report phishing. Many cyberattacks result from a recipient of a phishing message accidentally downloading malware or giving sensitive information to a cybercriminal. Therefore, employees should know the signs of a phishing attack and be instructed not to click or engage in these phishing attempts. Instead, employees should recognize them by their use of alarming language or offers that are too good to be true. Phishing attempts should be reported using the appropriate IT protocols. If a business suspects that it has become a victim of a phishing attack (or any other type of cybercrime), it should immediately report the incident to its insurance partners and the appropriate government authorities.
• Update software. Businesses should ensure their software programs stay up to date by installing security updates as soon as possible. These updates close security vulnerabilities and help protect organizations from cyberattacks.

For more risk management resources, contact INSURICA today.

This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. ©2025 Zywave, Inc. All rights reserved