IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

2023 Cybersecurity Awareness Month Appeal: Make Online Security Easier

Surveys show that most Americans think online security is too hard, confusing and frustrating. So as we prepare for Cybersecurity Awareness Month in October, the goal is to make cybersecurity easy.

blocks with locks suggesting cybersecurity
Shutterstock/Andrii Yalanskyi
National survey results are in from end users regarding personal cybersecurity, and the news is mixed.

First, the positive: 78 percent of people consider staying secure online a priority.

At the same time (and in the gray area), 57 percent of the population say they are worried about cyber crime.

Now the more challenging news with action items for the technology and cyber industries: 46 percent of end users feel frustrated with staying secure online, and 39 percent feel that information on how to stay secure online is confusing. Finally, 43 percent of respondents had never heard of multifactor authentication.


In response to this data and other industry trends, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (home to are trying to simplify messaging while keeping things positive regarding this year’s awareness month messaging.

The theme for October 2023 is “It's easy to stay safe online.”

You can watch a fascinating joint prep session here:
According to the Stay Safe Online website:

Cybersecurity Awareness Month 2023 will focus on four key behaviors all month long:

The goals for this year are to make actionable steps positive, approachable, simple and back to basics.


Recently, I saw this headline: "Phishing scams targeting small business on social media including Meta are a ‘gold mine’ for criminals." Here is an excerpt:

“Take it from Pat Bennett, an entrepreneur who sold granola in the Cleveland area and got about half of her sales through Instagram. The business was already under pressure from the rising cost and availability of sweeteners and oats when her business Instagram page, Pat’s Granola, came under attack.

“The attack looked innocuous. Bennett received a message on Instagram from a small-business owner she knows personally. Using a link, her acquaintance asked Bennett to vote for her in a contest. It was a legitimate contest, and it wasn’t unusual for Bennett to communicate with people on Instagram Messenger. As it turned out, it was an attack that went to everyone in her contact’s address book. Bennett lost control of her Instagram and Facebook accounts and hasn’t regained access, despite using all the channels Meta recommends.

“With help, she was able to track the IP addresses to Europe, but that wasn’t enough to avoid a worst-case scenario. Bennett received a letter saying she could regain control of her accounts if she paid close to $10,000. She declined to pay the ransom and had to start all over again.”

One of the things I find most interesting about this story, is that it easily could have happened a decade ago (with the possible exception of the name "Meta").

Phishing challenges have been around for years, and here are just a few of the examples from this blog over the past decade:

2013: States' top cyber challenge remains spear phishing
2015: What to Do About Phishing?
2016: Beyond Spear Phishing: How to Address Whaling and More
2016: How to Respond to Social Engineering Incidents
2018: Phishing Scams Targeting Pastors: Who’s Next?
2020: How Is COVID-19 Creating Data Breaches?

To bring this back to 2023, earlier this month Government Technology ran this story: New Haven, Conn., Tightens Cyber Controls After $6M Loss


Here are seven tips to help your children stay safe online from
  • "Apart from letting a parent or guardian know, never share your password with anyone. We recommend creating a strong and long password so no one can guess or hack into your accounts.
  • "Never download a file or software online without permission from a parent or guardian. Many attachments, files and software products may seem fine but can actually contain harmful malware viruses that are bad for your device. If in doubt, check with an adult.
  • "Use an anti-virus program and keep your devices secure from any potential threats.
  • "Have a parental lock on your devices or any websites that are not suitable for kids.
  • "Be wary of the people you talk to on social media. Not everyone is who they say they are on the Internet. For this same reason, never meet up with someone you have met on the Internet without a chaperone or your parent’s or guardian’s permission.
  • "Don’t believe everything you read online is 100 percent factual. “Fake news” is common on the Internet, with many people, outlets or websites spreading false information. Double check with adults or other sources, such as in a library, about what you are wanting to research or learn more about."


Here are some other great resources to help your organization get the word out on staying safe online in 2023:

CISA Resources:

Great TED Talk by Parham Eftekhari:

CYBSafe: Cybersecurity Awareness Month — Inspiration unlocked: 47 Cybersecurity Awareness Month ideas for 2023


As someone who has held enterprise roles as a state government enterprise CISO, CTO and CSO, as well as agency CIO, I certainly agree that this simplicity messaging is on track. During the years I worked as the CISO and chief strategist for security awareness company Security Mentor, we heard similar feedback regarding the importance of simple messages that were brief, frequent and focused content delivered in a fun way that was engaging and relevant.

I also agree that there are practical steps that everyone can take to protect themselves online, and we need to get that word out. Most people want you to teach them things they don't already know to improve online security.

My only fear with this 2023 approach is that some cyber attacks are in fact hard to detect and stop. As it's put in the recently released National Cybersecurity Strategy, “Today, end users bear too great a burden for mitigating cyber risks. Individuals, small businesses, state and local governments, and infrastructure operators have limited resources and competing priorities, yet these actors’ choices can have a significant impact on our national cybersecurity. A single person’s momentary lapse in judgment, use of an outdated password or errant click on a suspicious link should not have national security consequences. Our collective cyber resilience cannot rely on the constant vigilance of our smallest organizations and individual citizens.”

Nevertheless, as we think about what each front-line user needs to hear and do, I agree that we need to make online security easier to understand and clear on how to act.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.