Cybersecurity Best Practices

As it is Cybersecurity Awareness Month, below is a toolkit provided by CISA for organizations on creating stronger cybersecurity. We have summarized the main points below:

• The toolkit is designed to help organizations run their own Cybersecurity Awareness Month campaigns in October.

• The 2025 theme is “Building a Cyber Strong America”, emphasizing that cybersecurity is not just an IT issue, but a public safety, economic, and community issue.

• It especially encourages participation from entities tied to critical infrastructure (utilities, hospitals, local governments, etc.).

Key Messages & Recommended Practices

CISA highlights 4 basic (essential) steps that every organization should adopt, and then “level-up” practices beyond those:

The Four Essentials

1. Teach employees to avoid phishing scams — Training and awareness to spot malicious emails.

2. Require strong passwords — Enforce password complexity and good password hygiene.

3. Require multifactor authentication (MFA) — Adds an extra layer beyond passwords.

4. Update business software regularly — Patch and update to close security gaps.

Level‑Up Defenses

5. Use logging to monitor system events.

6. Back up critical data (so you can recover from incidents).

7. Encrypt data and devices.

8. Share cyber incident information with CISA (or relevant authorities).

9. (For eligible organizations) Migrate to the .gov domain to increase trust and reduce impersonation risk.