Back

Yes& General , Cyber Security

October is Cybersecurity Awareness Month

Rutrell Yasin

October is Cybersecurity Awareness Month.  

$870 Million. That was the staggering cost of the cyberattack against United Healthcare’s Change Healthcare subsidiary in the first quarter of 2024.  

According to CEO Andrew Witty, the data breach was caused by insufficient use of MFA, or multifactor authentication. Hackers stole a password unprotected with MFA—an additional verification step such as entering a code sent to a phone or authentication app—and used it to breach Change Healthcare’s computer network. They installed ransomware that disrupted payment and claims processing. 

United Healthcare was not alone. Findings from the Identity Theft Resource Center (ITRC) indicate a 1,170% increase in data breach victims from the second quarter of 2023 to the same period this year. More than 1 billion corporations and individuals became data breach victims in the first half of 2024, a 490% increase over the first half of 2023. 

Yes& is joining with its cybersecurity clients in recognizing October as Cybersecurity Awareness Month, because awareness is the single best tool in keeping people and organizations safe from online threats. Like the breach at United Healthcare, the great majority of cyberattacks could be prevented with four simple steps identified by the Cybersecurity and Infrastructure Security Agency (CISA). 

  • One: Use Strong Passwords. Passwords that are easy to remember are, unfortunately, very easy to steal. The risk multiplies when a password is reused for different applications and websites. Use unique passwords with a mixture of capital letters, numbers, and special characters. A password manager app can make this practical. 
  • Two: Turn on MFA. Yes, it’s a nuisance to have to refer to a second device when accessing a password-protected site, app, or network—but as United Healthcare discovered, it’s worth the trouble. Almost every sensitive online system offers MFA as an option now. 
  • Three: Recognize and Report Phishing. Cybercriminals now use artificial intelligence (AI) to craft highly convincing, personalized phishing scams. These AI-generated messages often feature near-perfect grammar, accurate company branding, and tailored details about the recipient. Use the cybersecurity principle of “zero trust”—never trust an online link or attachment by default.  
  • Four: Update Software. Software engineers make constant upgrades to remove vulnerabilities. Set your programs for automatic updates if possible, and regularly review apps to make sure you have the most current versions. 

These four steps have two things in common: They’re highly effective; and they require a change in behavior that few individuals or employees are likely to make without a strong nudge.  

Yes& has worked with many clients to help motivate safe behaviors. If you want to gain the benefit of greater cybersecurity in your company, organization, or agency, celebrate  Cybersecurity Awareness Month by consulting with Yes& about a cybersecurity campaign or initiative. 

 

 

   

SUBSCRIBE TO THE AMPERSAND NEWSLETTER FOR INSIGHTS FROM YES&:

Yes& is the Washington, DC-based marketing agency that brings commercial, association, and government clients the unlimited power of “&” – using a full suite of branding, digital, event, marketing, public relations, and creative capabilities to deliver meaningful and measurable results.

Let’s talk about what the power of "&" can do for you.

Rutrell Yasin
Rutrell Yasin
Senior Writer and Content Strategist