2025 Cybersecurity Awareness Campaign
2025 Cybersecurity Awareness Campaign
Embedded Files
Stay Safe Online, Build a Cyber Strong Wyoming!
Stay Safe Online, Build a Cyber Strong Wyoming!
October is Cybersecurity Awareness Month, an international initiative supported by the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA), together with partners across government, business, and education.
ETS is proud to once again join the Governor’s Office, the Wyoming Office of Homeland Security, the National Cybersecurity Alliance (NCA), and the Cybersecurity and Infrastructure Security Agency (CISA) in this international effort to build a safer digital world.
This year’s themes — “Stay Safe Online” (NCA) and “Build a Cyber Strong America” (CISA) — remind us that cybersecurity begins with simple, everyday choices. Whether you’re securing accounts at home or logging in at work, your actions help protect your family’s data, safeguard Wyoming’s services, and strengthen our nation’s resilience.
For Wyoming’s state employees, this connection is especially important. Strong cyber habits safeguard your family’s information at home while also protecting the services that keep our state running — from public safety and transportation to schools, healthcare, and licensing.
Throughout October, ETS will share tips and resources focused on the Core 4 online safety practices:
Throughout October, ETS will share tips and resources focused on the Core 4 online safety practices:
Use strong passwords and a password manager
Turn on multifactor authentication
Update your software
Recognize & report scams
By practicing these steps every day, you can help keep yourself, your family, and your workplace safe — while also strengthening Wyoming’s role in protecting the critical services our citizens depend on.
For more information about Cybersecurity Awareness Month 2025 and campaign resources, visit StaySafeOnline.org or follow #CybersecurityAwarenessMonth throughout October.
You can also explore additional cybersecurity best practices from our federal partner, the Cybersecurity and Infrastructure Security Agency (CISA), by visiting their website or following @CISAgov on social media.
Cybersecurity Awareness Month Events at ETS
Cybersecurity Awareness Month Events at ETS
Please note: These activities are exclusive to State of Wyoming employees.
Tuesday, October 28th — Cybersecurity Q&A at the Capitol
Tuesday, October 28th — Cybersecurity Q&A at the Capitol
Have questions about cybersecurity? Curious how threats impact your work — or what you can do at home? Get answers straight from the experts!
When: Tuesday, October 28, 2025
Time: 2:30-3:30 p.m.
Who: Open to all state employees
Bring your questions, your curiosity, and maybe even a coworker or two. This is your chance to hear from ETS's cybersecurity leaders in person, learn something new, and walk away more cyber-confident than ever!
CISO Coin - Front
CISO Coin - Back
All Month Long — CISO Coin Giveaway Challenge!
All Month Long — CISO Coin Giveaway Challenge!
Think training can't be fun? Think again.
Complete your KnowBe4 training in October and you’ll be entered to win one of 10 exclusive CISO coins — a collectible symbol of your commitment to cybersecurity.
Want better odds? Take all four trainings and your name goes in four times.
Plus, watch your inbox for a mystery challenge — three more coins will go to those who rise to the occasion.
Contest closes October 31, 2025.
When you take the KnowBe4 training during October, you'll be entered into a drawing to win one of ten limited-edition CISO coins!
Quadruple your chances and take all four trainings! These coins are a unique symbol of your commitment to cybersecurity and a great conversation starter.
These coins aren’t just cool collectibles — they’re a badge of honor and a conversation starter that shows you take cybersecurity seriously.
🪝Don't Get Hooked!
🪝Don't Get Hooked!
Phishing is the #1 way attackers strike. They don’t break in — they trick you into opening the door. The email looks like it’s from your coworker, HR, your bank, or even your favorite store. One click… and BAM! You’re on the hook.
This Cybersecurity Awareness Month, we’re upping our game — because phishing is still the #1 way attackers strike! Every week, we’ll spotlight a “Don’t Get Hooked” tip so you can spot red flags, stop scams in their tracks, and protect yourself on and off the clock!
This Week’s Spotlight: The Too-Reel Request
This Week’s Spotlight: The Too-Reel Request
Phishing emails often look like legitimate requests — invoices, password resets, or HR forms. Don’t let “looks real” fool you.
At work: If an email asks for money, credentials, or sensitive data, verify through a known phone number or trusted contact. Don’t reply or click until you confirm.
At home: If Amazon, your bank, or Netflix says “fix your account now,” go to the app or type the website address yourself — never use the email link.
Update Your Software
Update Your Software
That little pop-up asking you to update? It’s not just an interruption—it’s one of your best defenses. Software updates are a quick, powerful way to keep your devices secure, your data safe, and your technology running smoothly.
We’ve all clicked “Remind me later,” but those updates are often critical. As technology evolves, so do cyber threats.
Hackers are constantly searching for weaknesses, and even a small unpatched flaw can give them the opening they need.
What’s in an Update?
What’s in an Update?
Software updates aren’t just about new features. They often include:
Security patches – sealing cracks in the code before attackers exploit them.
Threat intelligence – building in defenses against the latest cyberattacks.
Performance improvements – making software faster, more stable, and reliable
The “Update Right Now” Mindset
The “Update Right Now” Mindset
It’s quick – Most updates finish in minutes, often in the background.
It’s proactive – Delaying leaves your device exposed; updating immediately shuts the door on attackers.
It protects everyone – At work, one unpatched device can put the entire network at risk.
Even if you have automatic updates enabled, it’s smart to check periodically and restart your devices when prompted. A short pause today equals stronger security tomorrow.
Bottom line: Don’t snooze the update—use it. It’s one of the easiest, most powerful steps you can take to protect yourself, your team, and our organization.
🪝Don’t Get Hooked: The Fake Fix
🪝Don’t Get Hooked: The Fake Fix
“Update now!” emails can be a trap. Attackers love to disguise malware as urgent updates for your software, browser, or apps. The goal? Get you to click before you think.
At work: Only install updates through the official IT process or your device’s settings — never from an email link. If something feels off, check with IT before clicking.
At home: Update your phone, computer, and apps using the settings menu. If an email or pop-up says “install immediately,” close it and update directly from the device.
Real fixes come from trusted sources — don’t take the bait!
Turn On Multi-Factor Authentication (MFA)
Turn On Multi-Factor Authentication (MFA)
Looking to level up your security? One of the fastest, easiest, and most effective ways is to turn on Multi-Factor Authentication (MFA).
It’s a simple extra step that creates a powerful barrier between your accounts and cybercriminals.
Why MFA Matters
Why MFA Matters
A single password is no longer enough. Cyber threats are constant, and stolen passwords are a top target for attackers. MFA strengthens your defense by requiring at least two methods to verify your identity:
Something you know – password or PIN.
Something you have – code from a phone, authenticator app, or security key.
Something you are – fingerprint, facial scan, or other biometric check.
With MFA, even if a criminal steals your password, they’ll still hit a wall.
What the NCA Recommends
What the NCA Recommends
The National Cybersecurity Alliance (NCA) highlights MFA as one of the most effective tools to secure your accounts. With many options available, the strongest methods include authenticator apps and security keys. Wherever it’s offered, the NCA urges you to turn it on.
Benefits of MFA
Benefits of MFA
Enhanced security – Stops attackers even if your password is compromised.
Peace of mind – Confidence that your data is better protected.
Easy setup – Most platforms offer MFA, and setup takes just minutes.
Take Action
Take Action
Enable MFA on both your work and personal accounts. By doing so, you’re not just protecting yourself—you’re strengthening the security of our entire organization. It’s one of the simplest steps you can take for one of the biggest security payoffs.
🪝Don’t Get Hooked: The MFA Misdirection
🪝Don’t Get Hooked: The MFA Misdirection
Phishers know passwords get stronger — so they target your logins in other ways.
One favorite trick? Flooding you with fake Multi-Factor Authentication (MFA) prompts until you slip and hit “approve.”
At work: If you get an MFA request you didn’t start, deny it immediately and report it. That means someone has your password and is trying to get in.
At home: If you get login codes or approval requests for accounts you didn’t touch, change your password right away and check account activity.
Don’t let a phisher wear you down — stay alert, stay off the hook!
Use Strong Passwords & Password Manager
Use Strong Passwords & Password Manager
In today’s connected world, your password is often the first—and sometimes only—line of defense protecting your information. This Cybersecurity Awareness Month, strengthen your defenses and become a human firewall.
A human firewall isn’t just about technology—it’s about smart habits that protect our shared information. And it starts with stronger passwords.
What Makes a Strong Password?
What Makes a Strong Password?
Unique to every account – Never reuse a password. If one gets stolen, attackers could use it to access everything else.
Long – Aim for 16+ characters. The longer it is, the harder it is to crack.
Random mix – Use a blend of letters, numbers, and symbols—not names, birthdays, or common words.
How Do You Remember Them All?
How Do You Remember Them All?
That’s where a password manager comes in. Think of it as a secure digital vault:
Stores all your complex, unique passwords in one place.
Protected by a single master password, plus extra layers like multi-factor authentication.
Lets you easily create and use strong passwords without memorizing them all.
Beyond Passwords
Beyond Passwords
Being a human firewall also means:
Spotting scams and phishing attempts.
Locking your workstation when you step away.
Storing confidential documents properly.
Reporting anything suspicious right away
Every small step builds a stronger defense—not just for you, but for everyone.
Know the Truth About Password Managers!
Know the Truth About Password Managers!
Despite the myths, password managers aren’t “putting all your eggs in one basket.” Unlike baskets, they use zero-knowledge architecture and support multi-factor authentication—meaning only you can unlock your vault. High-quality password managers are one of the safest and simplest tools to keep you cyber secure.
🪝Don’t Get Hooked: The Fake Login Page
🪝Don’t Get Hooked: The Fake Login Page
Attackers send urgent emails to rush you into a fake login screen: “Reset in 30 minutes or your account will be locked!” That pressure is the trap.
At work: Never enter credentials after clicking an email link. Instead, open a new browser window and type the address or use a saved bookmark. If the message screams urgency, verify with IT or the sender first.
At home: If a site says “act now,” pause. Open your app or type the address yourself. Use a password manager — if it doesn’t autofill, that’s your red flag.
Don’t let urgency or fake pages fool you — type it yourself and stay off the hook!
From the CISO's Desk — Navigating the New Frontier of Cybersecurity
From the CISO's Desk — Navigating the New Frontier of Cybersecurity
A message from Chief Information Security Officer Miguel Penaranda
As the state's Chief Information Security Officer, I'm often asked about the latest cyber threats, the ones that make headlines and disrupt our daily lives. While we're all familiar with ransomware and phishing, the reality is that the most significant threats on the horizon are far more complex and insidious, leveraging cutting-edge technology in ways most people don't see coming.
This Cybersecurity Awareness Month, I want to pull back the curtain on the future of cyber threats—the ones that keep CISOs up at night—and share why they require a new mindset from all of us.
The Invisible Threats of a Connected World
The Invisible Threats of a Connected World
The most profound challenge we face isn't just a bigger, faster virus. It's the silent, long-game threat posed by emerging technologies. The advent of quantum computing, for instance, is the single greatest long-term threat to our digital security. When fully realized, quantum computers will have the power to break the vast majority of our current encryption methods, including the ones that secure everything from our banking transactions to state secrets. This isn't science fiction; it’s a tangible threat that’s already inspiring "harvest now, decrypt later" attacks, where adversaries steal encrypted data today, betting on their ability to unlock it years from now.
But we don't need to wait for quantum leaps to see the future of cyber warfare. Artificial Intelligence (AI) is already here, and it’s a double-edged sword. While we're using AI to defend our networks, attackers are using it to supercharge their offenses. Gone are the days of misspelled phishing emails. AI can now generate hyper-realistic spear-phishing messages that are contextually aware and nearly impossible to distinguish from legitimate communication. More ominously, AI is being used to create autonomous and adaptive malware that can learn and evolve in real-time to evade traditional security defenses.
Beyond the Server Room: The Physical Threat
Beyond the Server Room: The Physical Threat
Another threat that many don't consider is the danger posed by the expanding Internet of Things (IoT) and the convergence of our IT and Operational Technology (OT) systems. Every connected device—from smart thermostats to industrial sensors—is a potential entry point for an attacker.
This is especially concerning because attackers are increasingly targeting our critical infrastructure. It's no longer just about stealing data; it's about causing physical damage and disrupting essential services. The systems that manage our power grids, water treatment plants, and emergency services were often designed decades ago without modern cybersecurity in mind. This makes them a vulnerable and high-value target for those who seek to cause chaos or hold entire communities hostage.
A New Mindset for a New Era
A New Mindset for a New Era
These aren't threats that can be solved with a single software update. They demand a fundamental shift in our approach to security, starting with a collective understanding of what's at stake.
As the CISO for the State of Wyoming, my team and I are already moving to address these challenges. It is our plan to start exploring quantum-safe cryptography to prepare for a post-quantum world. We are also deploying our own AI-powered defensive tools to fight fire with fire, enabling us to detect and respond to threats at machine speed - Although it has been a challenge. There are a lot of tools in the market that claim to be "AI powered". It is our job to distinguish hype from reality.
But our strongest defense remains our people. We must move beyond rote training and empower a culture of vigilance and skepticism. Every employee, every citizen, and every business is a critical component of our defense. By staying informed, challenging what looks suspicious, and understanding that cybersecurity is a shared responsibility, we can build a resilient digital infrastructure that stands strong against the threats of today and prepares for the challenges of tomorrow.
Page updated
Report abuse