
Cybersecurity awareness tips from Microsoft to empower your team to #BeCyberSmart


October is Cybersecurity Awareness Month, and I’m excited about what Microsoft and our partners in the industry have planned to help everyone stay #CyberSmart. 2022 may have offered some respite from the previous year’s rush to enable a remote and hybrid workforce, but the increased use of personal devices also left security professionals with even more endpoints to manage and secure. As illustrated by breaches like the March 2022 attack on Shields Health Care Group[1] that impacted two million people and the April ransomware attack that became a national emergency for the Costa Rican government,[2] we all need to be cyber defenders to protect what matters.

Technology can only do so much; it’s people who remain our greatest strength. That’s why Microsoft is taking this opportunity during Cybersecurity Awareness Month to help security professionals educate their employees on fundamentals highlighted by the National Cybersecurity Alliance, such as protecting their identities, updating their software and devices, and not falling prey to phishing schemes.[3] Be sure to explore the resources and skilling opportunities in our Cybersecurity Awareness Month website, such as the #BeCyberSmart education kit with assets to help people to protect their data both at work and at home.

“People have become the primary attack vector for cyber attackers around the world, so humans rather than technology now represent the greatest risk to organizations.”—SANS 2022 Security Awareness Report

Security starts with awareness

In today’s boundaryless workplace, comprehensive security is essential. That kind of 360-degree protection requires education and awareness to safeguard identities, data, and devices. Awareness programs help enable security teams to effectively manage their human risk by changing how people think about cybersecurity and helping them practice secure behaviors. The SANS 2022 Security Awareness Report analyzed data from more than a thousand security professionals from around the world to identify how organizations are managing their human risk. The report found that more than 69 percent of security awareness professionals are part-time, meaning that they spend less than half their time on security awareness.

According to the SANS report, cybersecurity awareness professionals should endeavor to:

  • Engage leadership by focusing on terms that resonate with them and demonstrate support for their strategic priorities. “Don’t talk about what you are doing, talk about why you are doing it.”
  • Consider having a 10-to-1 ratio of technical security professionals to human-focused security professionals.
  • Partner with other departments in the organization—such as communications, human resources, and business operations—to help engage and communicate with your workforce.
  • Make the training simple to understand and follow. “Just like working out—it’s the frequency that’s important.” And dedicate time to collecting information about the impact of your awareness programs.

It’s up to each of us to #BeCyberSmart

In 2022, the most common causes of cyberattacks are still malware (22 percent) and phishing (20 percent).[4] Even with the rise of ransomware as a service (RaaS) and other sophisticated tools, human beings remain the most reliable, low-cost attack vector for cybercriminals worldwide. For that reason, it’s vital that we all stay informed about how to prevent breaches and defend ourselves, both at work and at home.

Here are some basic steps we can all take to #BeCyberSmart:

Phishing: Deceptive emails, phony websites, fake text messages—these kinds of phishing scams accounted for 30 percent of attacks in 2021.[5] During Terranova’s annual Gone Phishing Tournament last year, 19.8 percent of participants clicked on the phishing email link, while 14.4 percent downloaded the fake document.[6] So, how can we avoid taking the bait?

  • Check the sender’s email address for verifiable contact information. Common phishing tip-offs include a misspelled or unrelated sender address. If in doubt, do not reply. Instead, create a new email to respond.
  • Don’t click on links or open email attachments unless you have verified the sender.
  • For more tips, visit the Federal Trade Commission phishing site.

Devices and software: Unpatched, out-of-date devices and software are a leading access point for cybercriminals. That’s why practicing good cyber hygiene is so important for avoiding destructive malware that can steal users’ personal information. To help keep your devices safe:

  • Enable the lock feature on all your mobile devices.
  • Activate multifactor authentication on your sensitive apps and accounts.
  • Run antivirus software and install system updates immediately.

Scams: Criminals will often contact you seeking to “fix” a nonexistent problem. The email or text message will contain a sense of urgency, such as “Act now to avoid having your account locked!” If you see this type of message, do not click the link. And remember to always report any suspected scam so the organization can take action. A few tips to remember:

  • Be skeptical of unsolicited tech support calls or error messages requesting urgent action.
  • Do not follow any prompts to download software from any third-party website.
  • When in doubt, open a separate browser page and go directly to the company’s webpage.

Passwords: Passwords are our first line of defense against unauthorized access to accounts, devices, and files. However, the average person now has more than 150 online accounts; password fatigue is always a danger. Some tips on how to protect your passwords include:

Fostering a more diverse cybersecurity workforce

As of April 2022, there are more than 700,000 vacant cybersecurity positions in the United States, with a predicted 3.5 million cybersecurity positions going unfilled worldwide by 2025.[7] That’s why Microsoft continues to reach out to students, veterans, people re-entering the workforce—anyone with an interest in becoming a cybersecurity defender. This year for Cybersecurity Awareness Month, we’re also acting on Microsoft’s initiatives to increase cybersecurity education access and help close the workforce gap. In partnership with the Last Mile Education Fund, Microsoft aims to reach at least 25,000 students by 2025 with scholarships and additional resources related to cybersecurity pathways.

On October 7, 2022, we’re again hosting the Microsoft Student Summit, a virtual skills event designed to inspire higher education students toward a career in tech. This one-day event offers students the opportunity to engage with the Microsoft student developer community, hopefully providing inspiration and stoking a passion for innovation. We’re also continuing to help students move into real-world employment by offering learning sessions aligned to Microsoft certifications for security, compliance, and identity. Eligible students can take up to eight fundamental certification exams for free this academic year.

Helping to create the next generation of cybersecurity defenders is critically important, and we want to make sure the doors are open to everyone. That’s why we’re continuing our partnership with Girl Security, helping to empower adolescent girls, women, and gender minorities by demystifying cybersecurity and developing the in-demand skills needed for employment. Microsoft is also partnering with other organizations to leverage the message from this moment in October 2022 to bring more women to the industry, with a Community College Pathways to Cybersecurity Success webinar with Women in Cybersecurity (WiCys) and a virtual event with the Executive Women’s Forum focused on cybersecurity careers at Microsoft.

We’re always working on new educational initiatives, so stay tuned to our Security blog and check for updates on our cybersecurity awareness and education website.

Stay cyber smart year-round

Cybersecurity Awareness Month is a special time for us as we collectively come together—industry, academia, and government—to promote the importance of a secure online environment. We know that cybercriminals are persistent and driven, working all day, every day with no days off. That’s why we need to work together on awareness and education year-round and build a culture of cyber defenders. Please continue to visit our cybersecurity awareness and education website to learn more about cybersecurity education programs from Microsoft, and get our new cybersecurity education kit to use in your organization. Everyone has a role to play in cybersecurity, and when we learn together, we are more secure together.

Learn more

Explore our best practices and educational resources with our Cybersecurity Awareness website.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


[1] Shields Health Care Group data breach affects 2 million patients, Bill Toulas. June 7, 2022.

[2] A massive cyberattack in Costa Rica leaves citizens hurting, Carla Rosch. June 1, 2022.

[3] National Cybersecurity Alliance.

[4] Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know, Chuck Brooks. June 3, 2022.

[5] Verizon 2021 Data Breach Investigation Report, Verizon. 2021.

[6] Gone Phishing Tournament, Terranova Security.

[7] Cybersecurity Jobs Report: 3.5 Million Openings In 2025, Cybersecurity Ventures. November 9, 2021.
