Each year, October is National Cybersecurity Awareness Month in the U.S. and European Cybersecurity Month in Europe. It’s the perfect reminder to look at old and new cyber risks and how to keep them from jumping out and yelling “boo” at your business.

Let’s revisit a few security basics, add a few 2025 realities, and explore some often-overlooked steps you can take today to strengthen your defenses.

1. User Training: The Holy Grail of Security

Creating awareness never gets old. This is the Holy Grail in security. Not the malicious insider type (we’ll get there), but the careless user who:

  • Clicks every cat picture that hits their inbox
  • Opens “urgent” emails from unknown senders
  • Downloads a “helpful” desktop background that turns out to be an executable file

In 2025, AI-powered phishing tools make these mistakes even easier to trigger. Attackers can now scrape your LinkedIn profile, mimic a coworker’s writing style, and send a message so convincing you’d think it came from your office mate down the hall.

Tip: Run regular phishing simulations, provide instant feedback when someone clicks, and keep training relevant. Tools like the SolarWinds Cybersecurity Awareness Resource Center are a great place to start.

2. Ransomware: Still a Thing (Unfortunately)

Ransomware isn’t going anywhere. In fact, modern strains can encrypt files faster than ever. By the time you notice, your data may be gone, your machine unusable, and your only friend the Format C: command.

What’s more, many ransomware groups have moved beyond simple encryption. Double extortion attacks threaten to leak stolen data if a ransom isn’t paid, while triple extortion adds the threat of attacking your customers or partners to pressure you further. These tactics increase the stakes for organizations that already face a tough decision in the middle of a crisis.

The fix:

  • Back up user and home folders to a secure, remote location
  • Sync with a trusted SaaS storage solution
  • Educate users on what isn’t covered by those backups

Remember, a backup that lives in the same environment as your production data is just a very expensive paperweight when ransomware strikes.

3. The Ongoing Risks of Remote Work

Since 2020, remote and hybrid work have been standard. By now, IT has nailed device management, but the environment around those devices is still a wild card. Weak Wi-Fi passwords, poorly configured home routers, and a zoo of Internet of Things (IoT) gadgets all introduce risk.

To make matters worse, attackers are now using AI to generate deepfake voices and videos for social engineering. Imagine a remote employee getting a video call from someone who looks and sounds exactly like their boss, asking them to bypass a control “just this once.” Without proper verification protocols, these scams can be dangerously convincing.

We can’t realistically inspect every smart fridge, thermostat, or voice assistant. But we can:

  • Enforce VPN connections
  • Require multi-factor authentication (MFA) for all critical business systems
  • Monitor endpoints for unusual activity with tools like SolarWinds® Endpoint Detection and Response

These steps help keep corporate data safer, even when it’s surrounded by unsecured devices.

4. Free Tools: Why Are They Free Again?

We all love free. Free PDF mergers. Free diagram creators. Free automated translation tools. But here’s the question: what’s happening with the data you upload?

If you can’t confidently answer that, you’re already taking a risk. The safer approach is:

  • Block access to unvetted tools via policy
  • Offer secure, approved alternatives (often reasonably priced)
  • Use a multi-layered security strategy to meet compliance and data protection requirements

Sometimes spending a little money on a secure tool is far cheaper than cleaning up after a data breach.

5. Budgets on Ice: Doing More with Less

IT budgets have never been limitless, but since 2022, many have faced freezes or cuts. Even if you can find qualified talent post the “Great Resignation,” you may not have the funds to hire them.

When money is tight:

  • Consider reputable open-source tools where possible
  • Invest in automation to eliminate repetitive tasks
  • Prioritize solutions that give visibility across multiple systems, such as SolarWinds® Observability Self-Hosted

It’s not just about survival — it’s about efficiency.

6. Insider Threats: The Malicious Kind

Budget constraints, no bonuses, and limited raises can create frustration. In some rare cases, that frustration turns into deliberate sabotage. An insider with legitimate access can often cause more damage than an external attacker.

To mitigate the risk:

  • Enforce the principle of least privilege
  • Audit and double-check permissions regularly
  • Deploy data loss prevention (DLP) solutions to flag suspicious file transfers

    • While you can’t always predict insider threats, you can make it harder for them to succeed.

    A Cybersecurity October Worth Celebrating

    So, what do we do now that October has rolled around? Dress up as ransomware? Tough one. Nobody knows what it looks like. Maybe go as a virus? Probably still too soon. A log file? Well, that joke might only land with your SysAdmin friends (UDP punchline optional).

    Joking aside, National Cybersecurity Awareness Month is a good reminder that security is everyone’s job and that the scariest threats are often the ones hiding in plain sight. By focusing on user education, strong backups, secure remote access, vetted tools, smart budgeting, and insider risk management, you can turn October into a month of resilience rather than fear.

    This blog was first published on October 3, 2022