My Dog Loves Avocados – Why This Could Be the Key to Staying Cyber Strong this October

October is Cybersecurity Awareness Month and a reminder for all organizations to audit their cybersecurity practices and all employees to evaluate their cyber habits. This year’s theme from the National Cybersecurity Alliance and CISA focuses on staying safe online, ultimately Building a Cyber Strong America. This month we will be exploring how organizations can build a culture of cyber awareness and leverage the latest tools and best practices the market has to offer to sustain a secure future.

Where to Start with Cyber Awareness Across Your Organization

The 2025 Verizon Data Breach Report indicates that:

• 22% of breaches began with credential abuse, making it the top initial access method.
• 88% of Basic Web Application attacks involved stolen credentials, often obtained through infostealers, leaks, or poor password hygiene.

While it may not seem like a complex issue to solve, mismanaged credentials still remain a top attack vector and a priority for all organizations.

What’s the common link in most data breaches? The human element.

Credential abuse and social actions—like phishing—were major factors in cyber breaches. Analysis of infostealer credential logs found that 30% of compromised systems were enterprise-licensed devices. However, 46% of the systems with corporate logins in their compromised data were non-managed—in other words, they were personal devices.

When we look across public sector, critical data, public works and essential infrastructure systems, and proprietary intellectual proprietary are all protected by logins – which is why password best practices are always the first step in a strong cyber culture.

My Dog Loves Avocados

What’s Your Password Catchphrase?

Applying NIST best practices to your passwords is an ideal first step to strong cyber hygiene. These practices for passwords suggest that the length of the password is the strongest indicator of safety. According to NIST, every additional character dramatically increases the number of guesses an attacker would need to try. For example, a one-character password made from lowercase letters would take at most 26 guesses. Adding a second character increases that number to 26 times 26, which is 676 guesses. An eight-character password would take about 200 billion guesses. While that may be too many for a human to guess, a modern laptop can make 100 billion guesses per second, so eight characters is actually not very secure at all.

NIST guidance recommends that a password should be at least 15 characters long. At 100 billion guesses per second, it would take a computer more than five hundred years to guess all the possible combinations of 15 lowercase letters.

While this is too many characters to memorize, it’s a great opportunity to make your password into a “passphrase.” A passphrase combines multiple real words together to create something that’s easier to invent and remember. And you can have a lot of fun with it. Make it funny or an inside joke or a series of words that only make sense to you, it’s a chance to be creative and protect yourself and your organization.

Eventually, getting organizations to a passwordless set up is the goal, but in the meantime, NIST best practices offer sound advice that make an immediate impact. So does your dog like avocados? It’s time to find out.