Building a Cyber Strong America: National Cybersecurity Awareness Month

October is Cybersecurity Awareness Month, and this year’s theme, Building a Cyber Strong America, highlights the need to strengthen our nation’s infrastructure against cyber threats, ensuring resilience and security. With government entities and small to mid-sized businesses playing a critical role in protecting infrastructure, cybersecurity is essential.

The Growing Cost of Cyber Threats

According to IBM’s 2025 research, the average cost of a data breach in the United States has reached $10.2 million, the highest in the world. These rising costs are fueled by:

• Increased regulatory fines

• Higher detection and escalation expenses

• The growing use of AI in cyberattacks—with 16% of breaches involving AI, often through AI-generated phishing (37%) and deepfake impersonation attacks (35%).

What is even more alarming is that a third of organizations faced regulatory fines after breaches, making prevention and preparedness more important than ever.

Why Cybersecurity Culture Matters

Strong cybersecurity isn’t just about protecting data—it’s about safeguarding the future of your business. Building resilience begins with clear policies that outline expectations, employee training on threats and prevention, leadership and IT engagement to drive accountability, and vendor and partner compliance to ensure security that extends beyond your business. At BCN Services, we understand these stakes. With over 10,000 worksite employees, protecting both our data and our clients’ data is mission-critical.

Best Practices for Protecting Your Business

From an HR and operational perspective, here are practical steps businesses can take to strengthen their cybersecurity posture:

1. Protect your network with up-to-date security software. A quality firewall is a must, as is encryption for your sensitive files.
2. Install quality antivirus and anti-malware software on all computers used for company purposes and set up regular scans.
3. Back up your files and databases regularly. If your files are ever compromised, you don’t want to lose everything. Having a recent backup will enable you to restore your data, allowing you to continue operating.
4. Train employees on your internet safety and security policy and procedures, your security software, recognizing potential security threats, and creating strong passwords. Training should also include your response plan.
5. Regarding passwords, avoid dictionary words. Use a combination of letters, numbers, and symbols. Phrases or long acronyms are especially difficult to decipher or break down.
6. Note in your policy what security measures employees should follow when they’re out of the office and not using your firewall and secure network.
7. Be extremely cautious of unexpected emails that ask you to click a link to log into an account to update information or fix a problem. These are likely fake and designed to steal valuable information.
8. Never enter credit card numbers or other valuable information on a website that is not secure. If a website is secure, its URL will begin with HTTPS, instead of just HTTP.
9. Double-check you’re on the site you intend to be on whenever entering valuable information.
10. Never email sensitive information, such as W-2s, benefit enrollment forms, completed census forms, or any documents containing social security or credit card numbers. Email databases and accounts are inherently insecure, and if malicious parties gain access, they can often view or obtain sensitive information.
11. Scammers may also pose as company executives or employees to steal information. If you receive a request to email any such sensitive information, do not respond to it.
12. When disposing of physical documents containing sensitive information, use a secure shredding company to ensure proper disposal and that documents related to an employee’s identity are securely destroyed.

Cybersecurity is a continuous effort. At BCN Services, we remain committed to safeguarding client data and ensuring compliance with legal standards. Through ongoing diligence and partnerships—including participation in industry-leading groups like HCM Defender—we stay a step ahead of cybercriminals operating across the internet and deep web.