
Have your cybersecurity practices kept up with evolving risks? October is Cybersecurity Awareness Month, and it’s a good time to reassess your cybersecurity practices and to help your clients do the same.
Here are six reminders to help you and your clients stay safe.
- Passwords should be strong and unique.
Although it used to be common wisdom that you needed to change your passwords regularly, PC Magazine says this is no longer the case – as long as your passwords haven’t been compromised, and as long as they’re good passwords.
A good password needs to be strong. According to CISA, a simple password like 12345 or the name of a pet is too easy to guess. Instead, the best passwords are long (at least 16 characters) and either a random string of mixed-case letters, numbers and symbols or a memorable phrase of four to seven unrelated words.
Your passwords should also be unique. Although reusing the same password across multiple accounts makes it easier to remember, if one account is hacked, all your accounts will be at risk. You can use a secure password manager to make it easier to keep all your strong, unique passwords. See Wired’s list of the best password managers.
- Multifactor authentication is important, too.
No matter how strong your password is, there’s a chance it could be exposed in a data breach. That’s why it’s also important to use multifactor authentication. Yes, adding multifactor authentication means you’ll have to take the extra step of entering a code that you receive via email or text, and that can take a minute – but it can save you a huge hassle and expense by protecting you from hacking.
CISA recommends enabling multifactor authentication for each account or app.
- Modern phishing messages aren’t always easy to spot.
Reuters and Harvard University conducted research to show how easy it is to get top chatbots to compose phishing messages, and how successful those messages are in tricking recipients.
These AI tools mean that everyone needs to be more careful. It used to be pretty easy to spot phishing emails. You just looked for spelling and grammar mistakes. That’s no longer the case. Hackers can now use AI to write highly convincing phishing messages that adopt the right voice without any errors.
Treat every message as if it could be a phishing scam. Don’t click on links, resist rushing to action, and take time to independently confirm any requests by contacting the company via a phone number, email address or website URL that you know is genuine. See the FTC for more tips.
- Seeing (or hearing) is no longer believing.
Hackers aren’t just using AI to write phishing messages. They’re also using AI to clone voices and even create fake videos.
AI voice scams in particular are becoming more prevalent. According to NBC News, it’s now easy for scammers to clone your voice from a short audio sample. ABC7 Chicago says a man lost $25,000 to scammers who used AI to replicate his son’s voice.
- Data you share with AI tools may be exposed.
Always be mindful that your chatbot conversations may not be private.
Some AI chatbot conversations have been indexed by Google Search, allowing strangers to stumble across them while conducting online searches. Business Insider says both Meta’s AI and ChatGPT have had this problem, while Fortune says it’s also been an issue with Grok.
AI conversations may also be used for model training, and the details could make their way into AI outputs. According to Vice, image generators will sometimes generate examples from their training data, and chatbots can also be tricked into sharing personal information from their training data. The University of Arizona also warns that developers may have access to chatbot conversations.
Many AI apps include a default setting which allows the AI app to “learn” from your entries and improve the model for everyone. Go to your account’s settings/data controls to turn this feature off if possible. Finally, avoid sharing personal, financial or medical information in chatbot conversations. At work, beware of sharing company secrets or intellectual property.
- Keep your software and website up to date.
To ensure you have the latest security patches, it’s important to keep your website, software and operating systems up to date.
For anyone using Windows 10, this is about to become more difficult. Microsoft has announced that it is ending Windows 10 support on October 14, 2025. To keep your computer system up to date, you can install Windows 11, but this is only possible if your computer meets the minimum system requirements for Windows 11, and many computers do not. Alternatively, you can buy a new PC with Windows 11, or you can buy Extended Security Updates support.
One more reminder: if you don’t already have cyber insurance, you should think about getting coverage. Heffernan Insurance Brokers can help you assess your risks and find a cyber insurance solution that meets your needs.