The Cybersecurity and Infrastructure Security Agency launched its first-ever national public service campaign to raise awareness of cybersecurity in local communities, including for families and small businesses. 

The Secure our World campaign is designed to teach people and businesses in local communities how to stay safe online. The campaign includes public service announcements on television, digital content, cyber toolkits and other resources. 

The goals are based on four main objectives: 

• Encourage the use of strong passwords, including the adoption of password managers.
• Use multifactor authentication to protect important data, especially email accounts, financial information and social media accounts. 
• Help people recognize and report phishing scams. 
• Enable users to automatically update software, as unpatched software is vulnerable to cyberattacks. 

The campaign is part of a larger focus by CISA and the Biden administration to boost cyber resilience among the so-called target rich, resource poor that lack the money or educational background to fight off sophisticated cybercriminals and rogue nation-states that have been targeting American industries, small governments and ordinary citizens. 

“It is very challenging to get the public – particularly those outside of security – to take cybersecurity more seriously,” said Allie Mellen, principal analyst at Forrester. “It’s not often seen as a priority for everyday citizens, which is why it’s critical that this campaign is simple and direct – something CISA is doing quite well.”

During the rise of ransomware and supply chain attacks in recent years, CISA and other federal officials founds that hackers have increasingly attacked small businesses, schools and other under resourced organizations to steal credentials, personal information and other data that can be then used for attacks against larger organizations that have large security budgets and onsite security teams. 

Local governments and small businesses often use out-of-service and unpatched operating systems and software. Small companies frequently lack any type of formal cyber hygiene training for workers and many workers continue to work remote using vulnerable networking hardware and unsecured wireless networks.