Cybersecurity Awareness Month is an annual event observed every October to promote awareness of cybersecurity and encourage safe online practices.
The day was established in 2004 by the US Department of Homeland Security and the National Cybersecurity Alliance.
It serves as a platform to educate individuals and organisations about the importance of protecting their digital information.
The Cybersecurity Awareness Month serves as a call to action for individuals and organisations to take responsibility for their cybersecurity and create a safer digital world for everyone.
This is through promoting personal empowerment, practical security measures, community engagement, access to educational resources and ongoing learning.
The theme this year, 'Secure Your World' focuses on empowering individuals and organisations to take actionable steps toward enhancing their cybersecurity posture.
The theme further emphasises individual responsibility, that everyone has a role in securing their personal and professional digital environments.
Senior Software engineer in web, and back-end systems Barnabas Jomo encourages individuals to recognise common threats such as phishing, malware, and social engineering, and understand how these risks can impact their lives.
He notes that one should be cautious of unexpected emails or messages asking for personal information and look for signs such as poor grammar, suspicious links, and unfamiliar sender addresses.
“Always check and verify the source by contacting the organisation or person directly through official channels before sharing any details back with them,” Jomo advises.
He calls for basic cyber hygiene such as creating strong, unique passwords and using password managers and regularly updating software and applications to protect against vulnerabilities.
He also advises users to be cautious with email links and attachments to avoid phishing scams and encourages the use of security features like firewalls, antivirus software, and encryption for sensitive information.
Jomo says using strong, unique passwords is essential to prevent unauthorised access to your accounts, and provides protection from financial fraud and identity theft.
“A strong password typically includes a mix of letters, numbers, and special characters. Consider using password managers like LastPass or 1Password, which can generate and store complex passwords securely for you,” he says.
He also notes that public WiFi networks are often unsecured, making it easier for hackers to intercept your data. “To stay safe, avoid accessing sensitive information like banking or personal accounts on public wifi,” Jomo cautions.
“Use a Virtual Private Network (VPN) to encrypt your internet connection and ensure your data remains private,” he continues.
On how organisations can foster a culture of cybersecurity awareness among their employees, Jomo advises that organisations should provide regular training and updates on cybersecurity best practices.
“Encourage employees to recognise and report suspicious activities, establish policies for data protection, use the principle of least access (one access only information they need to get their work done and not all org info) and promote the use of strong passwords,” he notes.
Jomo raised a concern about an increase in ransomware attacks and more sophisticated phishing schemes.
“The rise of the Internet of Things (IoT) means more devices are connected, increasing potential entry points for hackers. Artificial intelligence is also being used both to enhance security measures and by cybercriminals to create more advanced threats.”
He recommends online courses and resources available, such as those offered by Coursera Udemy.
Local workshops and seminars can also be beneficial, he says.
“Additionally, following reputable cyber security blogs and news sites will keep you informed about the latest threats and protection strategies,” the expert says.
He calls on users to stay updated by following official sources like the Kenya Computer Emergency Response Team (KE-CIRT) and international organisations such as the Cybersecurity and Infrastructure Security Agency (CISA).
He also advises that users subscribe to newsletters, join online forums, and follow cybersecurity experts on social media to receive timely information and tips.
