Cyber awareness month: the one habit that matters most
Why awareness matters
As Cyber Awareness Month wraps up, it's worth asking: how many people even realised it was happening? For those of us in the industry, it's a busy time, sharing tips, running campaigns, and urging businesses and employees to "do their duty." But for everyone else, cyber security can feel like someone else's problem... until it's not.
Let's be honest. None of us asked to live in a digital world built on technology that's fundamentally insecure. The internet grew from an academic tool into the backbone of modern life, but security was never its foundation. Consequently, today we face risks not just from hackers, but from organised crime groups, and even some governments. The reality is, the responsibility to protect ourselves, our businesses, and our livelihoods increasingly falls on us, the end users. That's not ideal, but it's where we are.
Why human behaviour is currently the weakest link
After 15 years in information security, I've seen threats evolve. While technical controls and physical safeguards are essential, attackers have learned that today, the easiest way in is through people. Human behaviour is now the most exploited vulnerability. Look at the stats. According to the UK Cyber Security Breaches Survey 2025, phishing accounted for 85% of breaches or attacks in the last year, making it the most disruptive type of incident. Attackers know that manipulating people is easier than hacking technology.
So, what can we do? Some of it comes down to personal responsibility, but real change also requires political and regulatory action. Do we want a world where big tech calls all the shots? Do the benefits outweigh the risks? These are big questions, but let's focus on what we can control.
The overload problem
Cyber awareness campaigns often list a dozen things we "should" do. Even the US President recently encouraged Americans to use strong passwords, enable multifactor authentication, report suspicious emails, back up data, and keep software updated. It's good advice—but let's be honest, most people will skim it and think, "I do most of that already." As a result, these campaigns rarely change behaviour in a meaningful way.
If I had to pick just one habit to embed in everyone's daily routine, at work and at home, it would be this: be sceptical of any unexpected message - especially if it urges you to act quickly. Whether it's an email, text, or phone call, pause and verify the source. If you're unsure, don't act.
Practical steps
Pause before you click: don't let urgency override caution.
Verify the sender: if something feels off, check with the person or company directly, using contact details you trust.
When in doubt, don't act: it's better to be safe than sorry.
For more practical advice from Citizen's Advice, see this.
Bottom line: If you do nothing else this Cyber Awareness Month, make scepticism your default setting. It's the single most effective way to protect yourself and your organisation from today's most common cyber threats.
If you're looking for low-cost, effective solutions to raising awareness in the way that matters most to your business, contact CyberSolver for a free 30-minute consultation.