Cybersecurity
Cybersecurity Awareness Month: the four things that actually matter
Every October, a wave of cybersecurity advice washes over small business owners, and most of it is useless — not because it’s wrong, but because it’s long. A list of twenty things is not a plan. It’s a way of feeling bad.
So here’s the short version. CISA and the National Cybersecurity Alliance run the national Cybersecurity Awareness Month campaign, and they’ve narrowed the entire thing down to four actions. Not four categories. Four things you can actually do.
1. Learn to spot and report phishing
Most breaches don’t begin with a hacker in a hoodie. They begin with an email that looks close enough. Four red flags cover most of it: false urgency, a sender address that’s almost right, a link that doesn’t go where the text says, and an attachment nobody asked for.
And the second half of that action matters more than the first: report it. A team that quietly deletes suspicious emails learns nothing. A team that flags them builds a warning system.
2. Use strong, unique passwords
The reason people reuse passwords isn’t laziness. It’s that nobody can memorize forty unique sixteen-character strings, and pretending otherwise has never worked for anybody, ever. Use a password manager. You remember one password; it remembers the rest.
3. Turn on multi-factor authentication
If you do exactly one thing this month, do this one. MFA means that a stolen password, on its own, is worth almost nothing. It takes about thirty seconds per account.
Start with email — it’s the account that can reset all the others. Then banking. Then anything holding customer data.
4. Keep your software updated
The least glamorous item on the list, and quietly one of the most important. Attackers scan the entire internet, constantly and automatically, looking for known holes that were patched months ago. They don’t know your name. They know your version number.
Turn on automatic updates — phones, laptops, routers, and the boring boxes in the closet that nobody thinks about.
That's the list
Four things. Not twenty. If you did two of them this month, you’d be ahead of most businesses your size — and that isn’t a compliment to you, it’s an indictment of how low the bar sits.
None of this requires an enterprise budget. It requires an afternoon.
Want to know where you actually stand? We do free, no-pressure security checks for small businesses across the East Bay — backups, accounts, defenses. We tell you plainly what to fix first.
Framing follows CISA’s “Secure Our World” campaign, the official national Cybersecurity Awareness Month program.