By Sandra M.
Cybersecurity Awareness Month highlights the increasing significance of cybersecurity in our daily lives and encourages both individuals and businesses to take essential steps to stay safe online.
ActioNet is promoting and participating in the 21st Cybersecurity Awareness Month campaign. My name is Sandra Montiel, a recent addition to the ActioNet Innovation Center (AIC), your resource for cybersecurity initiatives. October is Cybersecurity Awareness Month, a global initiative dedicated to helping everyone stay safe and secure when using technology. Since 2004, the President of the United States and Congress have officially recognized October as a time for the public and private sectors to collaborate in raising awareness about the critical importance of cybersecurity.
From smart devices to connected home systems (IoT) and more, technology is deeply intertwined with our lives. As technology evolves, cybercriminals are equally determined to exploit vulnerabilities, disrupting both personal and business environments. For more than 20 years, Cybersecurity Awareness Month aims to highlight some of the emerging challenges that exist in the world of cybersecurity today and provide straightforward, actionable guidance that anyone can follow to create a safe and secure digital world for themselves and their loved ones.
Secure Our World
The theme of Cybersecurity Awareness Month is “Secure Our World,” which emphasizes the importance of cybersecurity best practices, such as recognizing and reporting phishing—still one of the primary tactics used by cyber criminals today. As criminals evolve their methods, phishing continues to be a prevalent threat, becoming increasingly sophisticated with the rise of generative AI (GenAI), which makes it more challenging for individuals and organizations to stay protected. What were once easy-to-spot phishing emails, marked by poor grammar or strange email addresses, are now harder to detect as AI enables attackers to craft highly convincing messages.
Here are some examples of new AI phishing scams along with tips to help you stay protected:
- Fake QR Codes: A newer form of phishing involves fake QR codes, which can be found not only in emails but also on websites, posters, flyers, and even product packaging. After scanning a code found in an email, text, postal mail, or on a flyer, some victims are directed to a website that requests personal information that can lead to identity theft, compromised passwords for online accounts, or downloads that track the user’s activity on the device. Scanning these codes can lead to malicious websites or trigger unauthorized actions on your device.
- AI-Generated Deepfakes: Cybercriminals are using AI to create realistic videos, images, or voice clips that appear to come from trusted individuals or organizations.
- Conversational Scams with AI Chatbots: AI chatbots are being used to engage in seemingly normal conversations to extract sensitive information or persuade targets to perform harmful actions. These scams can be difficult to detect as the AI can mimic human conversation patterns.
Protection Tips:
- Always verify the authenticity of any communication or request before taking action. Be especially cautious with QR codes, links, or attachments from unsolicited or unfamiliar sources.
- Utilize security features such as QR scanner apps, email filters, and browser extensions that can help detect phishing attempts by previewing links, detecting phishing sites, and alerting you to potential threats.
- Be cautious about sharing personal information online, especially in unsolicited chats or emails. Always ensure that the person or bot you are communicating with is who they claim to be.
- If you receive a suspicious communication, whether it’s a message, email, or even a phone call, cross-check it by reaching out to the person or organization through a known, secure channel.
- Be wary of any unexpected or unusual requests, especially those that seem urgent or out of character. Scammers often use urgency to pressure you into making hasty decisions. As a general rule of thumb, if you don’t expect it, reject it.
Cybersecurity Awareness at ActioNet
Every Action Counts in Cybersecurity. Cybersecurity is a shared responsibility. That’s why at ActioNet, we prioritize educating and engaging our team in safeguarding our digital environment by providing comprehensive security awareness training annually. This training includes how to identify phishing emails and empowers our employees to stay alert and informed. Additionally, we conduct quarterly phishing exercises using IronScales to test and strengthen our users’ ability to identify phishing emails in real-world scenarios. These phishing exercises are tailored with templates that carry a difficulty ranking, allowing us to progressively challenge users who consistently perform well. If a user clicks on a phishing link during these exercises, they are redirected to a brief, interactive training module via IronScales. This ensures that every interaction becomes a learning opportunity. These proactive measures are integral to safeguarding our digital assets and maintaining a secure environment for our clients and partners.
Incident Reporting at ActioNet
At ActioNet, your awareness and prompt action are crucial to maintaining our cybersecurity posture. If you encounter any security events, incidents, or vulnerabilities, or if you suspect phishing attempts, it’s essential to notify us immediately.
Please report immediately to ITSecurity@actionet.com if you:
- Observe any breaches in security policy
- Identify a potential weakness or vulnerability
- Encounter any attempts at unauthorized access to Information Systems (IS)
- Suspect that an account may have been compromised
- Lose an MFA/Authentication device, such as a cellphone
For suspicious emails (Spam/Phishing): Forward them to Spam@actionet.com or use the “Report Phishing” button in Outlook.
Cybersecurity Awareness Month Resources
Cybersecurity Awareness Month continues to build momentum and impact with the goal of providing everyone with the information they need to stay safer and more secure online. ActioNet is proud to support this far-reaching online safety awareness and education initiative which is co-managed by the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance.
For more information about Cybersecurity Awareness Month 2024 and how to participate in a wide variety of activities, visit cisa.gov/cybersecurity-awareness-month and staysafeonline.org/cybersecurity-awareness-month/. You can also follow and use the hashtag #CybersecurityAwarenessMonth and #SecureOurWorld on social media throughout the month of October.