
This Cybersecurity Awareness Month, Don't Lose Sight of Human Risk

Organizations should focus on four key areas to advance employee education and "cyber smartness."

Microsoft Security, Microsoft

October 24, 2023


This month we celebrate the 20th anniversary of Cybersecurity Awareness Month — a dedicated time for industry, government, academia, and nonprofits to come together and raise awareness about the importance of cybersecurity for everyone.

Since its creation, Cybersecurity Awareness Month has grown from a national US initiative to a global movement that educates individuals and organizations about best practices and promotes a culture of cybersecurity. By dedicating a specific month to awareness, the industry encourages proactive measures, knowledge-sharing, and collective responsibility — ultimately helping more people envision their roles in cybersecurity and in making organizations and the world safer.

Cybersecurity knowledge-sharing is particularly important, as human risk has become one of the strongest vectors that modern security organizations must contend with. Today it accounts for more than 80% of cybersecurity incidents. Companies must find an effective way to uplevel cybersecurity education across the entire organization — not just within their security teams — if we hope to strengthen our collective security postures.

Read on to learn how technology can help security teams drive greater results, and explore key behaviors to focus on when spreading cybersecurity awareness across your organization.

4 User Behaviors to Emphasize In Cybersecurity Education Materials

At its core, cybersecurity awareness is about managing human risk. Companies can help advance this mission by providing cybersecurity education and skilling resources across their organizations. Education can include tips ranging from the fundamentals of cyber hygiene to day-to-day behaviors, such as identifying and avoiding tech support scams, advice on improving data and device security practices, and more.

In honor of Cybersecurity Awareness Month, here are the top four areas that Microsoft recommends focusing on to advance employee education and "cyber smartness."

Enabling Multifactor Authentication

Multifactor authentication (MFA) can protect against 99.2% of attacks by offering stronger security than traditional passwords. As such, it's an incredible tool in the average employee's arsenal to uplevel security practices across your organization. We recommend periodically reminding users to enable MFA measures, such as biometrics or single-use codes, across their devices, apps, and account settings.

Strengthening the Sign-In Process

Along the same lines, it's important to remember that hackers don't break in. They sign in. If passwordless authentication is not an option, encourage employees to create stronger passwords using their browser's password generator. Length matters more than complexity here, so any passwords created should be at least 12 characters long. A password manager can be particularly helpful in tracking all current passwords.

Updating Software

Keeping software current with the latest security updates and patches is a vital step in protecting Internet-connected devices. On the individual user level, employees should be encouraged to set up automatic software updates to decrease the risk of vulnerabilities that can lead to ransomware and other malware. Likewise, consider creating an educational pamphlet that teaches employees how to check privacy and security settings against your desired level of information-sharing any time they register a new account, download an app, or acquire a new device.

Recognizing and Reporting Phishing

Finally, phishing scams are a significant threat vector that criminal actors leverage to infiltrate networks and steal sensitive data. Employees should be educated on best practices to avoid phishing scams, such as checking the sender's email address for verifiable contact information or signs of an unrelated sender address, and verifying the sender before clicking on links or opening email attachments.

While the above tips are focused on changing user behaviors, technology has a role to play, too. Innovation is critical in creating new efficiencies for already overburdened security teams. By embracing leading technology advancements, such as generative AI, security teams can simplify complex toolsets and surface deeper insights across their entire data estates to better monitor threat activity in real time. This combination of leading technical innovations and broader user education can help empower security teams to streamline workflows and focus more of their time on the day-to-day work of cyber defense.

We invite you to leverage cybersecurity awareness not only this month, but all year round, to make sure everyone in your organizations is empowered to be cyber smart and assume a role in fighting cyber threats.


About the Author(s)

Microsoft Security


Protect it all with Microsoft Security.

Microsoft offers simplified, comprehensive protection and expertise that eliminates security gaps so you can innovate and grow in a changing world. Our integrated security, compliance, and identity solutions work across platforms and cloud environments, providing protection without compromising productivity.

We help customers simplify the complex by prioritizing risks with unified management tools and strategic guidance created to maximize the human expertise inside your company. Our unparalleled AI is informed by trillions of signals so you can detect threats quickly, respond effectively, and fortify your security posture to stay ahead of ever-evolving threats.
