Cybersecurity Awareness Month 2025 starts today, and, as always, it’s a great time to take a look at your organization’s cyber practices.

Cybersecurity Awareness Month was launched by the National Cybersecurity Alliance (NCA) and the U.S. Department of Homeland Security (DHS) in October 2004 as a broad effort to help all Americans stay safer and more secure online, so it’s in its 22nd year! It’s now co-led by the NCA and the Cybersecurity and Infrastructure Agency (CISA), which was established within DHS in 2018.

This year’s theme is Building a Cyber Strong America, highlighting the need to strengthen the country’s infrastructure against cyber threats, ensuring resilience and security.

CISA recommends that businesses at all levels implement eight cybersecurity best practices and offers no-cost information, services and tools to help you get started.

Start Here: Four Essentials to Protect Your Business

Cybercriminals look for easy targets. Businesses without basic precautions are vulnerable. Start with these four essential steps to safeguard your data and enable your employees to stop attacks before they happen. 

1. Teach Employees to Avoid Phishing: Phishing tricks employees into opening malicious attachments or sharing sensitive information. Train staff to recognize and report suspicious activity. 
2. Require Strong Passwords: Strong passwords are a simple but powerful way to block criminals from accessing your accounts through guessing or automated attacks. Make them mandatory for all users. 
3. Require Multifactor Authentication (MFA): MFA—also known as 2-factor authentication—adds an extra layer of security beyond passwords. Require it to make accounts significantly more secure. Use phishing resistant MFA where available. 
4. Update Business Software: Outdated software can contain exploitable flaws. Promptly install security updates and patches to keep your systems protected. 

Next Step: Level Up Your Defenses

With the four essentials as your foundation, level up by implementing three additional practices.   

• Use Logging on Business Systems: Log activity so your team can monitor signs that threat actors may be trying to access your systems. Learn how to monitor key information to protect your business. 
• Back Up Business Data: Incidents happen, but when you back up critical information, recovery is faster and less stressful. Put a backup plan in place that aligns with your organization’s recovery point objective to protect your systems and keep things running smoothly. 
• Encrypt Business Data: Encrypting your data and devices strengthens your defense against attacks. Even if criminals gain access to your files, information stays locked and unreadable. Make encryption part of your security strategy.  

An Additional Step You Can Take

• Report Cyber Incident Information to CISA: When organizations and CISA share threat information, everyone is more secure. Report incidents to help CISA warn others and get information in return to help you stay ahead of threats. 

I’ll have more to come in recognition of Cybersecurity Awareness Month 2025. Even though eDiscovery Today is considered an eDiscovery blog, we have published 708 posts related to cybersecurity in less than 5 1/2 years! Cybersecurity, data privacy, information governance, artificial intelligence and eDiscovery are all intertwined these days. 🙂

So, what do you think? How would you gauge your organization’s cybersecurity awareness? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.