With October’s Cybersecurity Awareness Month behind us, now is the perfect time to reflect on the lessons learned and the practices we should carry forward. Cyber threats didn’t end with the month; they continue to grow in sophistication and frequency. The encouraging part is that awareness, consistency, and proactive habits remain our strongest defense.

This year, our company focused on a four-part awareness series covering some of today’s most important cybersecurity topics from phishing and deepfakes to mobile device safety, AI risks, and workspace security. Since these subjects are valuable to everyone, we wanted to share the key information with you below.

Phishing has evolved far beyond the generic, poorly written scams we once recognized. Attackers now use AI-generated messages, cloned voices, and realistic branding to impersonate trusted contacts, company leaders, or vendors.

Modern phishing extends across multiple channels:

• Smishing: fake text messages from “banks” or “delivery services.”
• Vishing: phone calls posing as IT, finance staff, or your grandmother.
• Social media phishing: fraudulent messages and fake support accounts.

Key takeaway: Slow down before responding to anything that feels urgent or emotional. Confirm the request through a separate, trusted channel; a quick phone call can prevent a costly mistake.

With hybrid work now the norm, our security responsibilities extend well beyond the office walls. Both physical and digital habits make a difference.

In the office:

• Keep sensitive materials out of sight.
• Lock your screen when stepping away.
• Challenge or report unbadged visitors.

At home:

• Use company-approved devices and VPN connections.
• Avoid storing work files on personal drives or accounts.
• Change default passwords on home routers and smart devices.

Key takeaway: Whether you are working from a corporate office or your kitchen table, your actions play a vital role in protecting company data.

Smartphones give us flexibility, but they also introduce risk. Attackers increasingly target mobile operating systems, apps, and even messaging platforms.

• Enabling automatic OS and app updates.
• Reviewing and revoking unnecessary app permissions.
• Avoiding public Wi-Fi or connecting through a trusted VPN when on the go.

Key takeaway: Your phone is a gateway to both your personal and professional life, guard it like any other critical asset.

AI tools have quickly become a part of our daily workflow, helping us automate tasks and make better decisions. But they also bring new privacy and security concerns.

Best practices for using AI responsibly:

• Stick to company-approved and vetted AI tools.
• Limit what data you input; once submitted, you lose control of it.
• Be alert to AI-driven impersonation attempts using deepfake video or voice.

Key takeaway: AI can enhance productivity, but it requires caution. Think before you share, and never input confidential or regulated data into public tools.

Cybersecurity Awareness Month may be over, but the habits we’ve built shouldn’t end with it. Awareness isn’t a once-a-year campaign, it’s a mindset that protects people, assets, and our reputations every single day.

Let’s continue to:
• Stay curious and skeptical when something feels “off.”
• Report suspicious activity to your IT and security teams early.
• Keep learning as new tools and threats emerge.

The threat landscape will continue to evolve, and so must we.

Resources:

• https://www.cisa.gov/cybersecurity-awareness-month