OnPoint Perspectives: Cyber Trick or Treat – How to Stay Safe from Digital Haunts

3 minute read | Cybersecurity

OnPoint Perspectives: Cyber Trick or Treat - How to Stay Safe from Digital Haunts

Authored by: Jeff Mercurio, MS

Happy Halloween! Sadly, with this holiday comes the end of this year’s Cybersecurity Awareness Month—which I don’t think I could have recognized better this month in both my personal and professional lives by attending related events and incorporating fresh security strategies in my digital routines.

Cyber Hygiene

We all know cybersecurity is ridiculously important when it comes to reliably securing our information in digital environments, but most of us tend to very superficially consider the topic (and usually do only if we’re required to). “Change my password? Well… If it isn’t mandatory, why bother?” Organizations, companies, and agencies take a lead in actively enforcing good “cyber hygiene” on their employees by sending out reminder emails that they will no longer have access to their work profiles if they don’t comply and update their password in a certain amount of time—something I’m sure we’ve all experienced at some point.

But… can we all honestly say we implement the same regularly occurring protective strategies in our personal lives? Think about it, when was the last time you voluntarily changed your personal email password purely for security? And doing so only because Google told you your password had recently been in an information leak doesn’t count!

If you already utilize a password manager or service to help mitigate this seemingly daunting process, kudos to you! You are part of the 34% of the American population that does so, based on an article by Cybernews published earlier this year. A third of the population is a solid chunk… But cyber experts wish that number was WAY higher.

In addition, if multi-factor authentication (MFA) is merely a security option on an app or service we use, many of us consider it “inconvenient”, while cyber specialists unanimously think it should be required across the board. There is a significant disconnect between the two groups that share these opposite perspectives, and Cybersecurity Awareness Month is all about informing the public about the ways we are at risk if we don’t incorporate some of these secure methods into our lives outside of work.

This month, I was excited to attend multiple cyber-related events and learn a little more from each one about what it really means to have good cyber hygiene. It isn’t just about changing passwords; it’s about being aware of phishing attempts, financial scams, owning antivirus software, and even knowing the threats that come with connecting to those extremely convenient but unsecured WiFi networks we find sprinkled in public locations.

Cyber hygiene is about staying informed on the emerging digital threats that are becoming more sophisticated every day. Every time we hear about a new and impressive capability that has developed surrounding technology—such as rapid improvements in artificial intelligence—doubles as a new opportunity for bad actors to take advantage of and weasel their way into our data systems, potentially threatening the very infrastructure of the country and the safety of every American’s personal information.

Social Engineering

In fact, some of these attempts to extract our information can come in the form of what seems like a direct and legitimate request. For example, at this year’s SBA Cyber Summit held on Oct. 16, 2024, David Mayer (Staff Attorney at United States Patent and Trademark Office), recently described a scam that is currently ongoing with the impersonation of USPTO representatives. The scam includes receiving a phone call from what seemingly looks like a genuine number from USPTO and asking a person for their payment information over the phone.

This scam, like many others, heavily utilizes a form of social manipulation called “social engineering” as a powerful tactic to get people to willingly give their personal information away. In short, social engineering is a ploy used by subtly manipulating someone’s emotions and trust in order to get something valuable from them. Receiving a collections call from the USPTO—even if you’ve never interacted with the office before—elicits a fearful and cooperative response toward the scammer, allowing for a simple transfer of what we deem the most critical information never to be shared with anyone.

Cyber is NOT an After-Thought

Some acknowledge the critical importance of protecting digital environments and data, but don’t necessarily jump at the opportunity to incorporate measures that might “interrupt” or “impede” their ability to effectively contribute to their mission. Paul Selby (Chief Information Security Officer and Deputy, CIO at the Department of Energy) made a simple yet powerful comment at the ACT-IAC Cyber Summit 2024 held on Oct. 9, 2024, that we should all consider: “Cyber does not prevent the mission from being completed. Cyber has to be viewed as part of the mission.” This applies whether you’re safeguarding national infrastructure or protecting your home office. The principles remain the same: secure everything, assume nothing is safe, stay informed, and stay vigilant.

CALL TO ACTION: Strengthen Your Cyber Practices Today

The truth is cybersecurity isn’t something any of us can afford to ignore. The Secure Our World campaign by CISA makes it clear that we all have a role to play in protecting our data. It doesn’t matter whether you’re the CEO of a tech company or someone who only uses their phone to scroll through social media; having strong cybersecurity practices—using unique passwords, avoiding suspicious links, and regularly updating devices—can make all the difference.

Need a place to start with what you should be focusing on when implementing protective measures to secure your personal information? No problem, use the checklist below as a guide to getting started with it all.

Update Your Passwords: Go through your important accounts (email, banking, and social media) and change to strong, unique passwords for each.
Use a Password Manager: Install a trusted password manager, like 1Password or Bitwarden, to securely store and manage all your passwords and personal info.
Enable Two-Factor Authentication: Go to your account settings and enable 2FA on key accounts to add an extra layer of security.
Install Antivirus Software: Protect your devices by installing reputable antivirus software and run regularly occurring full scans to check for threats.
Update Your Devices: Check for and install any software updates on your smartphone, computer, and apps to ensure you have the latest security patches.

The digital world is an exciting place—encouraging more opportunities and informational resources than have ever existed before—but it’s also somewhat of a battleground. Cybercriminals aren’t slowing down; in fact, they’re just getting started. Every click, every transaction, every device we use provides a potential window for attack.

But we can fight back. We can be more aware, take simple steps, and educate those around us about the importance of having good digital habits.

Are you ready to defend yourself against the invisible threats in every click? It’s never too late to take action. Let’s secure our future together, starting today. Happy Cybersecurity Awareness Month from OnPoint Consulting!

Jeff Mercurio
Strategic Partnership Coordinator

Let’s connect! Bio