Each year, October is designated as Cyber Security Awareness Month. I will be posting articles
here on how to help make your organization more secure and aware of various Internet Nasties.
I call them Internet Nasties because each type has a different purpose, all aimed at stealing information. Examples are:
Viruses
A virus is a type of malicious software (malware) that attaches itself to a legitimate program or file and replicates itself when that file is run, infecting other programs and computers without the user's knowledge.
Malware
Malicious software designed to infect computer systems, networks, or servers, often without the user's knowledge, to steal data, disrupt operations, gain unauthorized access, or cause damage. Common types include viruses, ransomware, and spyware, and it can be spread through email attachments, infected websites, or vulnerable software.
Spyware
Spyware is malicious software that secretly infiltrates a computer or mobile device to collect sensitive personal information, such as passwords, browsing habits, and location data, without the user's consent.
Root Kits
A rootkit is a type of malware designed to gain continuous, privileged access to a computer or network while actively hiding its own presence from users and security software.
Corporate Spying
Corporate espionage is the unauthorized, unethical, and often illegal acquisition of a competitor's proprietary information, trade secrets, or intellectual property for commercial or financial gain.
Scams (tons of different types)
These can include all of those listed here, plus dating site scams, banking scams, threat or extortion scams, investment scams, unexpected money scams, services scams and various other scams that are intended to obtain personal information to steal your identity and/or banking information.
Fake Emails (also known as Phishing)
Using fraudulent emails to entice someone to click on a link or call a number. If you call the number, your voice could be recorded to create an AI copy of your voice to use against you.
Vishing (also known as Voice Phishing)
A phone call or voice message used to trick people into revealing personal or financial information, such as passwords, credit card numbers, or Social Security numbers.
Smishing (also known as text phishing on mobile devices)
Fake mobile text messages that entice someone to click on a link within the message or call a number.
Corporate Level or "C Level" monitoring and tracking
If your company is fast rising and/or well established, your management teams are targets not only for all of the Internet Nasties but also for potential kidnapping and other personal-level attacks.
Insider Threat
An insider threat can be employees, contractors, or even partners who have been granted access to an organization’s systems and data. Whether they are intentional or unintentional, they can cause significant damage to an organization.

How to protect yourself and your company:
There is a long list of things to do. Here are some of these tips:
- If you notice anything odd or off in your daily computer use, say something.
- If you receive a suspicious email, say something. Report it. DO NOT click on anything within the email.
- Some emails now include a web pixel. If you open the email to read it, your mail program contacts the pixel's website, which records that the email was opened. Report this immediately. This is a way that hackers know that the email they sent was actually opened and read.
- Report suspicious activity. If you see someone hanging around in the parking lot or near an area that they should not have access to, report this.
- Use strong passwords. Normal dictionary words are easy to crack and may allow a hacker to log in as you and abuse your privileges and/or attempt to escalate permissions in a formal attack on your system, company or network. There are various password generators available. Ask your Security Team how to safely store your passwords in a suggested password manager. Most companies have a preferred Password Manager or can suggest one.
- Use MFA (Multi-Factor Authentication). This can be authentication with 2 or more steps.
- Never let anyone borrow your Cell Phone.
- Be aware of your situation, report anything suspicious.
- DO NOT click on any links within unknown emails. Report the email.
- Include all employees including Corporate Officers in Cyber Security Awareness training. A company survives by everyone pitching in.
- Confirm the sender of an email before opening. If you are not sure, open the header and look at the actual sender's name. If you are expecting an email from a known address but the header shows "john.234ou812@sdgfkjbsdfiugft@com", it's a bogus email. Report it.
- DO NOT share passwords.
- DO NOT write out passwords on your desk or in your surroundings.
- DO NOT store your passwords in a book or notepad you carry with you.
- DO NOT store passwords in a clear text file. (normal text file)
- DO NOT use any external storage for corporate data. This includes Dropbox, MEGA and various other sites. Ask your Security Department how to securely transfer files to vetted individuals. An example would be a spreadsheet of monthly income for your accountant, who may be external.
- DO NOT use external email addresses for corporate business. Ask your Security Department about the proper procedures.
- DO NOT use freely available AI sites (ChatGPT & others) to do code review or to ask for letter reviews. These publicly available AI tools store and share your information. Again, ask your manager or Security Team what is used internally.
- Be suspicious of external phone calls, especially cold calls asking for information. One of the biggest fraud calls asks to speak with either your manager or a corporate official. They'll ask who that person is. DO NOT divulge any information. There is usually a PR department you can direct them to. However, do not give out names, just the phone number.
- DO NOT share your corporate structure with anyone or store it in any location, especially Google Docs. Internally it is usually stored in a need-to-know location.
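As an added example (not part of the original article), here is one way a security team could automate the two email tips above: checking the actual sender in the header and spotting a web pixel. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: "Accounts Payable" <billing@example.com>
Return-Path: <john.234ou812@mailer.example.net>
Subject: Invoice overdue
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the attached invoice.</p>
<img src="http://track.example.net/o.gif?id=42" width="1" height="1">
</body></html>
"""
IMG_TAG = re.compile(r"<img\b[^>]*>", re.I)

def _attr(tag, name):
    """Pull one attribute value out of an HTML tag (quoted or unquoted)."""
    m = re.search(rf'(?<![\w-]){name}\s*=\s*["\']?([^"\'\s>]+)', tag, re.I)
    return m.group(1) if m else None

def tracking_pixels(html):
    """Return remote image URLs sized 1x1 or smaller (typical open-tracking beacons)."""
    hits = []
    for tag in IMG_TAG.findall(html):
        src, w, h = (_attr(tag, a) for a in ("src", "width", "height"))
        if src and src.lower().startswith(("http://", "https://")) and w in ("0", "1") and h in ("0", "1"):
            hits.append(src)
    return hits

def review(raw, expected_address):
    """Compare the header sender with the address you expected and list any pixels."""
    msg = message_from_string(raw, policy=policy.default)
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, envelope = parseaddr(str(msg.get("Return-Path", "")))
    findings = []
    if from_addr.lower() != expected_address.lower():
        findings.append(f"From address {from_addr} is not the expected {expected_address}")
    # A differing Return-Path is a signal to look closer, not proof: bulk mailers also do this.
    if envelope and envelope.rpartition("@")[2].lower() != from_addr.rpartition("@")[2].lower():
        findings.append(f"Return-Path domain differs from From domain: {envelope}")
    body = msg.get_body(preferencelist=("html",))
    for url in tracking_pixels(body.get_content() if body else ""):
        findings.append(f"Possible tracking pixel: {url}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE, "billing@example.com")))
```

Many mail programs can also block remote images by default, which stops a pixel from reporting back when the message is opened.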
These are just some of the Cyber Awareness tips that are available. If you need or want more, please contact CyberFreek Industries for a review of your Cyber Awareness training or ideas on how to improve it. We'd be more than happy to work with you.
Cheers!
Cyberfreek
