CISA Offers Free Resources In Honor Of 21st Cybersecurity Awareness Month

October ushers in security awareness.

October is Cybersecurity Awareness Month, a campaign launched by the federal government in 2004.

The Cybersecurity and Infrastructure Security Agency rolled out a number of tools and resources for both private citizens and businesses this month.

For individuals and businesses, CISA advises taking four crucial security steps:

CISA is also encouraging businesses to connect with their regional CISA office to establish a partnership. That listing can be found here.

In addition, the agency is providing a "cyber hygiene" service. The service includes vulnerability scanning that constantly monitors "internet-accessible network assets" including public and static IP addresses, and web application scanning.

Organizations also can take CISA’s Cybersecurity Performance Goals (CPG) assessment. The CPG falls in line with the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) functions, CISA said on its website.

The CPG helps organizations set a baseline and benchmark their security operations and defenses. CPGs are also broken down by sector, including health care, education, finance, energy and others.

Businesses can also refer to CISA's known exploited vulnerabilities catalog, which is constantly updated.

"CISA is excited to again partner with the National Cybersecurity Alliance and lead the federal government’s efforts to reduce online risk during this 21st Cybersecurity Awareness month and every month," said CISA Director Jen Easterly on the agency’s site. "Our focus is working with government and industry to raise cybersecurity awareness and help everyone, from individuals to businesses to all levels of government, stay safe online in our ever-connected world. Protecting ourselves online is about taking a few simple, everyday steps to keep our digital lives safe," she added.

However, one security expert cautioned that "awareness does not always translate into better security."

“Most cybersecurity awareness falls flat because it is typically not approachable or relatable. One size fits all doesn’t really work anymore,” Christina Morillo, who leads information security for the NFL's New York Giants, told MES Computing.

“For an effective approach, consider culture. You have to understand your organization’s culture, communication style and tailor whatever awareness training to that. Making content relatable, engaging and personal by using real-world scenarios/current news stories, interactive formats and infusing humor to create the type of content that resonates. Implement year-round learning that extends far beyond the one month dedicated to cyber awareness. Reinforcing key messages regularly is key,” she said.