Synergent Blog

October is Cybersecurity Awareness Month

Oct 4, 2024 | Blog, Partners, Security

This October is the 20th year commemorating Cybersecurity Awareness Month. “Since 2004, the President of the United States and Congress have declared the month of October to be Cybersecurity Awareness Month, a dedicated month for the public and private sectors to work together to raise awareness about the importance of cybersecurity” (CISA.gov). Learning the latest ways to stay safe online and educating both staff and members are effective steps to take.

Synergent remains dedicated to raising cybersecurity awareness and urges credit unions and their members to take cybersecurity seriously. We can all take action to protect our sensitive data, both at the business level and at home with our families.

Our friends at KnowBe4 shared the following tips:

Stay Safe In and Out of the Office

  • Only use secure devices, and only use your work devices for work. Remember that your device is only as secure as the apps that are running on it. Never install an application or plugin without first checking with your IT department.

  • Protect your physical workspace. At the office, watch out for piggybacking and tailgating. Be suspicious of anyone who you do not recognize and don’t be afraid to ask for identification. When working from home, keep all sensitive information out of sight of unauthorized persons, including family and friends. Always lock your computer when you leave your desk.
  • Think before your click. Never click a link or download an attachment you weren’t expecting. When an email asks you to log in to an account or online service, navigate to that service through your browser. Never click the link in the email. Navigating to the site directly ensures that you’re logging in to the real website and not a look-alike site. When in doubt, call the sender of the email to be sure the request, link, or attachment is legitimate. Do not call the phone number provided within the email as it may be a fake number.

Know How to Handle Suspicious Email

  • Don’t Reply to the Email. Even if the email appears to come from someone you know, if it appears suspicious, the person who replies back to you may not be who you expect: It could be a cybercriminal.

  • Don’t Forward the Email. The best practice is to never click a link or open an attachment that you were not expecting. However, if you are fooled by a phishing email and you click a malicious link or open a malicious attachment, you may find that the link or attachment will not behave as expected. For example, if you open a suspicious image attachment, the file may actually open an installation window. Or, if you click a malicious link, the link may redirect you to a fake login page.

    If the link or attachment is suspicious, you may think about forwarding the email to a coworker for help. However, forwarding the email to a coworker could increase the risk. If you click on a link or open an attachment, consider any unusual behavior as a red flag. Never forward unusual or suspicious emails to other users. If you forward a phishing email, you increase the risk of a security breach because your coworker may click the phishing link as well.

  • Don’t Mark the Email as Spam. While spam emails may be annoying, they are usually harmless. However, a phishing attack is a malicious email designed to look like a legitimate message. Phishing emails typically include a call to action, such as clicking a link, opening an attachment, or even transferring money. If you mark a suspicious email as spam, the email will be moved to a different folder along with any other emails from the same sender. So, if you move the suspicious email to a spam folder, the email will be hidden. However, the problem will not be resolved.

Secure Your Mobile Device

Scammers are increasing their attacks on mobile devices and targeting your phone using malicious applications. Using these methods, they can steal personal and business information without you having any idea what’s going on.

Always remember these best practices to minimize the risk of exploits to your mobile devices:

  1. Ensure your phone’s operating system is always up to date. Operating systems are often updated in order to fix security flaws. Many malicious threats are caused by security flaws that remain unfixed due to an out-of-date operating system.
  2. Watch out for malicious apps in your app store. Official app stores regularly remove applications containing malware, but sometimes these dangerous apps slip past and can be downloaded by unsuspecting users. Do your research, read reviews and pay attention to the number of downloads it has. Never download applications from sources other than official app stores.
  3. Ensure applications are not asking for access to things on your phone that are irrelevant to their function. Applications usually ask for a list of permissions to files, folders, other applications, and data before they’re downloaded. Don’t blindly approve these permissions. If the permission requests seem unnecessary, look for an alternative application in your app store.
  4. No password or weak password protection. Many people still don’t use a password to lock their phone. If your device is lost or stolen, thieves will have easy access to all of the information stored on your phone.
  5. Be careful with public WiFi. Scammers use technology that lets them see what you’re doing. Avoid logging in to your online services or performing any sensitive transactions (such as banking) over public WiFi

Be Aware of the Dangers of AI Art and Deepfakes

AI art is generated using billions of images and examples of art. When you enter a prompt, the AI art generator builds an image for you by combining many of these examples into a single image.

Deepfake technology is similar, but it involves manipulating real photographs and videos of people and places. This technology can make it look like a person did or said something that they never did. Both technologies can be used in a harmless way, but cybercriminals have learned to use them maliciously.

Follow the tips below to keep yourself safe from AI art scams:

  • AI-generated images often have subtle differences or mistakes. Keep an eye out for anything in the photograph that appears to be unusual. A hand with more than five fingers or a photograph with strange lighting or shadows are common signs that an image was created with AI.
  • Always stop and think before clicking or taking action. If a photograph or image seems bizarre or too good to be true, it could be a scam.
  • When possible, verify the claim in a different location. For example, if you see a video with a celebrity endorsement, check that person’s official website for proof that they are actually involved with the product.