October is Cybersecurity Awareness Month. During this month, the public and private sectors work together to raise awareness about the importance of cybersecurity.
October 2025 marks the 22nd Cybersecurity Awareness Month. This month serves as a reminder that businesses must stay cybersecure to safeguard company data, protect customers’ personal information and ensure employee privacy.
Here are four strategies from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance that businesses and their employees can use to stay cybersecure throughout the year:
- Use strong passwords and password managers. Cybercriminals are often able to determine or guess simple passwords. Businesses should require employees to use strong passwords for all work-related accounts. Passwords should be at least 16 characters long, random and unique for each account. The use of password managers—secure programs that maintain and create passwords—should be encouraged or required. These easy-to-use programs store passwords and fill them in automatically on the web.
- Implement multifactor authentication (MFA). MFA is a layered approach to securing data and applications. This tool requires a user to present a combination of two or more credentials to verify their identity for login. MFA enhances security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network or database. Businesses should enable MFA on any site or service that offers it.
- Recognize and report phishing. Many cyberattacks result from a recipient of a phishing message accidentally downloading malware or giving sensitive information to a cybercriminal. Therefore, employees should know the signs of a phishing attack and be instructed not to click or engage in these phishing attempts. Instead, employees should recognize them by their use of alarming language or offers that are too good to be true. Phishing attempts should be reported using the appropriate IT protocols. If a business suspects that it has become a victim of a phishing attack (or any other type of cybercrime), it should immediately report the incident to its insurance partners and the appropriate government authorities.
- Update software. Businesses should ensure their software programs stay up to date by installing security updates as soon as possible. These updates close security vulnerabilities and help protect organizations from cyberattacks.
For more risk management resources, contact INSURICA today.
This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. ©2025 Zywave, Inc. All rights reserved
About the Author
Share This Story
Related Blogs
New Federal Guidance Tightens Oversight of Health Plan Data Sharing
Federal regulators have issued new guidance that will affect how employers manage health plan data sharing for the rest of 2026. The update comes in response to a rise in cybersecurity incidents involving third-party administrators, payroll vendors, and benefits platforms. While the rules do not create new penalties, they clarify that employers—not vendors—are ultimately responsible for protecting employee health information.
Mental Health Parity Requirements Remain in Effect
Mental health parity continues to be an important compliance obligation for employer-sponsored group health plans. While recent federal actions have created some confusion, employers should understand that the core requirements of the Mental Health Parity and Addiction Equity Act (MHPAEA) remain in effect.
The 2026 Compliance Crunch: What Employers Must Do Before Fall
Employee benefits managers are facing one of the busiest compliance years in more than a decade. Several major federal requirements are converging at the same time, and most of them carry real penalties for employers that miss deadlines or fail to document their efforts. The result is a mid-year “compliance crunch” that is catching many organizations off guard.









