IT to Provide Advice on Keeping Data Safe During Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month, an annual collaboration between government and industry to raise awareness about the importance of cybersecurity.

Cybersecurity is defined as “the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software or data.”

“Wherever there’s technology, there needs to be cybersecurity,” said Aaron Foechterle, Exchange data security technology analyst. “And technology is everywhere—in the office, whether it’s physical or mobile; on your personal computer; in the phone in your pocket; and more.”

Cybersecurity is vital to protecting the Exchange’s financial information—and your own financial information, as well as your personal information.

During the month, the Exchange’s IT directorate will send weekly emails detailing a particular cybersecurity-related topic. Beginning with this overview, the Exchange Post will publish cybersecurity-related stories throughout the month.

“We’ll cover four ways to stay safe online: best password practices and multifactor authentication; phishing awareness; the role of AI in social engineering; and keeping your mobile devices safe from cyberattacks,” Foechterle said,

IT encourages associates to be vigilant year-round but puts an extra emphasis this month on informing you about the hows and whys of protecting information—both at work and a home. Here’s a breakdown of the topics:

Password best practices and multifactor authentication: How to create a strong password to thwart online criminals from accessing your accounts—and why you should use a different password for every account you use. The topic will also cover password managers, which can help you keep track of all those different passwords.

As recently detailed in an Exchange Post column by Executive Vice President/Chief Information Officer Chad Lucas, the Exchange is working with a new IT service management company called Okta to develop a more secure password-reset process for associates.

Another upgrade in the password-reset system is that now the process includes two-factor authentication.

During the same week, IT will cover why you should use multifactor authentication—which could include a code sent via text or email, fingerprints, facial recognition or other methods—that confirms your identity when you log on to an account. The IT team will also provide info on how to turn on MFA—and why you should use it on any site that offers it.

Recognizing phishing: Phishing scams are online messages designed to look like they’re from a trusted source. They are usually done via an email or text that includes a link, attachment or image that, if clicked on, can expose a user to malware or to a scammer looking for personal data. The IT team will provide tips on how to recognize phishing attempts and what to do about them.

If you get an email in your Exchange Outlook inbox that you suspect is phishing, click on the “Report Phishing” button at upper right. IT regularly sends out test phishing emails that test and improve your phishing awareness. You can also forward the email to SpamReporting@aafes.com. After you’ve reported the email, delete it immediately.

The role of AI in social engineering: Artificial intelligence, or AI, is a hot topic right now—and bad actors are using it to make social engineering attacks more effective.

“This is a new threat that’s currently being utilized, but it’s not widespread,” Foechterle said. “But we want associates to be aware of it.”

IT will address tactics bad actors use:

• Using chatbots to generate convincing email messages
• Using AI image generation to create convincing profile pictures
• Using AI voice replication to impersonate others during voice phishing schemes
• Using deepfake AI-generated video to impersonate upper management and other employees

Keeping your mobile devices safe from cyberattacks

If you have a smartphone, you’re basically walking around with a computer in your pocket—and it’s a target for bad actors, because phones often contain valuable and sensitive data.

“We wanted to put the focus on mobile devices, because people use them every day,” Foectherle said. “They don’t just use them for texting and calling, they use them to purchase things. Bad actors are targeting phones, because they don’t always have the same security controls that we have on our laptops. Phones are more vulnerable—and people are tending to use them more than laptops or desktop computers.”

There are things you can do to protect your data. IT will cover:

• Properly configuring wi-fi settings
• Proper app usage
• Safe browsing
• Properly configuring Bluetooth settings
• Text message phishing (“smishing”) awareness and best practices
• Phone call voice phishing (“vishing”) awareness and best practices

Follow ExchangeAssoc Facebook, Instagram and X throughout October for posts on Cybersecurity Awareness Month topics. Hashtags: #CybersecurityAwarenessMonth and #SecureOurWorld.