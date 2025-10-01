COMMENTARY: In a world dominated by generative artificial intelligence (GenAI), automation, and advanced security platforms, many security pros might expect Cybersecurity Awareness Month (CAM) to spotlight modern security strategies such as threat intelligence feeds, AI‑powered malware detection, and zero‑trust architectures.However, there’s a much more practical reality. CAM’s Core 4 actions to stay safe online continue to emphasize the fundamentals, demonstrating the power of security basics to prevent attacks and proving that human behavior remains as critical as ever: use strong passwords, turn on multi-factor authentication (MFA), recognize and report scams, and run the software updates.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]These Core 4 actions may not sound revolutionary in the age of AI‑driven cyber defense and quantum safe cryptography, but they remain the most consistently effective measures for protecting both individuals and organizations against the vast majority of threats. Even the most sophisticated technology can’t protect against weak passwords, missed patches, or a user tricked by a convincing phishing email. With that in mind, here are tips for both organizations and individuals to put each Core Action into practice:
Go long and complex: Use at least 15 characters; passphrases of unrelated words (e.g., Giraffe-House-River-Garden-Orange) are both memorable and resistant to brute-force attacks and credential-stuffing attacks. Keep it unique: Never reuse passwords across accounts; a breach in one service could compromise all accounts with the same password. Attackers increasingly weaponize stolen credentials across multiple services. Make it unpredictable: Avoid using names, birthdays, or common dictionary words. Automate security: Rely on a reputable password manager to generate and store strong, unique credentials at scale — whether it’s for enterprise applications or personal applications such as email and online banking. Install app-based or hardware tokens: Deploy hardware tokens over SMS for stronger protection against SIM-swapping and phishing attacks. For maximum protection, adopt phishing-resistant MFA solutions such as hardware tokens (FIDO2) or passkeys. Enforce MFA on high-value accounts first and expand broadly: For personal accounts, start with email, online banking, and social media, then apply MFA to shopping and health portals. Use passkeys: It’s a passwordless way to sign in, using a secure digital key stored on a device and verified by something like a fingerprint or face scan. Pause before acting: Check sender details, hover over links, and don’t download unexpected attachments. Spot subtle red flags: Typos, unusual domains, or urgent language often signal a threat. Report quickly: At work, alert IT or security teams immediately so they can block campaigns before they spread and prevent wider exposure or compromise. For personal accounts or systems, respond without delay by securing affected accounts (e.g. resetting passwords or enabling MFA) and notifying close friends and family to reduce the risk of them being targeted by the same attack. Enable automatic updates where available. Patch promptly after software vendors release updates prioritizing internet-facing components and those linked to actively exploited vulnerabilities. Run firmware updates for routers, IoT devices, and critical hardware in both offices and homes—smart doorbells and Wi-Fi routers can be a target for malicious actors.
Cybersecurity Awareness Month: Double-down on the security basics
