Cybersecurity Awareness Month 2020: Do Your Part. #BeCyberSmart

Five years of Cybersecurity Awareness Month. Five years of this blog. And 2020 has been the most challenging cybersecurity year in history, not because of any single attack, but because the pandemic transformed the entire threat landscape overnight.

This year's theme is "Do Your Part. #BeCyberSmart." In a year when "do your part" has taken on life-or-death meaning, the message resonates differently.

The 2020 Scorecard

What we're doing well:

• Cloud adoption accelerated, giving practices more resilient infrastructure
• Telehealth adoption created new patient access options that will persist
• Security awareness is at an all-time high (pandemic phishing made it personal)
• Two-factor authentication is approaching ubiquity

Where we're falling short:

• Ransomware attacks and payments both at record highs
• Remote access deployed too quickly without adequate security
• Healthcare targeted more aggressively than ever
• Phishing success rates remain stubbornly high despite awareness

Five Actions for Five Years

We've been doing this for five years. Here are the five actions that matter most, validated by half a decade of evidence:

1. Enable 2FA everywhere. Still the single most effective defense against account compromise. After five years of evidence, this is settled science.
2. Test your backups monthly. Not "check that the backup ran." Test a restore. Verify the data is complete and uncorrupted.
3. Patch within 48 hours of release. The window between patch release and exploit development is shrinking. Patch fast.
4. Train your team quarterly. Annual training isn't enough. Quarterly reinforcement with simulated phishing keeps awareness current.
5. Have a written incident response plan. Five years of writing, and this remains the most commonly missing element. Write the plan. Share it with your team. Practice it.

Do your part. Be cyber smart. We'll keep writing. You keep reading. Together, we keep practices safe.