Let’s be real: we spend most of our time online, whether it’s scrolling TikTok, shopping, or...
Cybersecurity Awareness Month: Beyond the Basics
If you want to explore this topic through audio or video, click here.
Cybersecurity isn’t just about strong passwords anymore. Hackers don’t even need to hack you if they can outsmart you, trick your printer, or impersonate your boss on a video call. This episode goes beyond the usual checklist and dives into the real threats happening today, how criminals bypass even the most secure systems, and what you can do to stay ahead.
Welcome back to The Tech Coaches Podcast. I’m Fer, the Tech Translator, and with me is Bill, the person who probably owns more firewalls than my grandma has rosaries. Together, we break down cyber concepts so you can stay safe without needing a degree in computer science.
This month is Cybersecurity Awareness Month, so we’re not repeating the same basics you’ve heard a hundred times. Yes, strong passwords, MFA, and updates matter. But true cybersecurity requires going deeper. Because even when you do everything right, a vendor, device, or deepfake can undo all your work.
The Basics Still Matter
Before we get into the advanced risks, let’s cover what truly stops the majority of attacks:
• Multifactor authentication (especially passwordless)
• System and software updates
• Using a password manager
• Regular training for employees
• Cyber insurance requirements
These are the cybersecurity equivalent of brushing your teeth. Not glamorous, but effective.
The Threat You Don’t See Coming: Vendor Vulnerabilities
You can lock your digital doors, but if a vendor leaves a window open, attackers will use it to get to you.
Classic example:
Target was hacked not through its financial network, but through its building’s HVAC vendor.
SolarWinds was compromised, which exposed thousands of organizations at once.
Modern attacks often come through the companies that serve you, not through you directly. Your designer, your IT provider, your software vendors, even your contractors can become the entry point for cybercriminals.
What to Ask Your Vendors
Here are practical questions you should request before trusting a vendor with sensitive data:
-
Do your employees get monitored for credential breaches?
-
What security training do you provide for your team?
-
How often do you patch and update your systems?
-
Do you use MFA for all critical systems?
At the end of this article, we’ve included the Vendor Security Alliance questionnaire. Use it with any vendor or contractor.
Deepfakes: When Your Boss Isn’t Your Boss
Scammers no longer rely on fake emails.
They now use AI to:
• Clone a voice in minutes
• Fake a video call
• Create urgent requests that look legitimate
• Pretend to be your CEO, coworker, or client
Business Email Compromise has evolved into Business Identity Compromise.
Someone can clone your voice, ask an employee to transfer money, and even respond to verification questions in real time using AI.
How to Verify a Suspicious Request
• Call the person using a number you already know.
• Ask a question only they would know the answer to.
• Never approve payments or access permissions without a secondary verification.
• When in doubt, wait to see them in person.
The Smart Home Devices Putting You at Risk
Cybersecurity isn’t just about laptops and phones.
It’s also about:
• Smart thermostats
• Printers
• Security cameras
• Doorbells
• Smart fridges
• TVs in hotels or Airbnb stays
• Old routers
• IoT devices with default passwords
A smart coffee maker can be the weak link in your home network.
Many devices still come with default passwords like “admin123”. Some never auto-update. Many expose their feeds or settings online.
How to Protect Your IoT Devices
• Change default passwords immediately
• Keep firmware updated
• Use a separate WiFi network for smart devices
• Avoid connecting old devices without security patches
• Check hotel/Airbnb TVs and devices for open access
Think of it like a party: your kids (smart devices) stay in a separate room so they don’t run around the main area (your primary network).
Your Cybersecurity Impacts Everyone Around You
A breach doesn’t just affect you.
Your mistake can cost others:
• Money
• Access
• Trust
• Business continuity
Hackers often steal contact lists and impersonate those contacts. They may also impersonate someone in your address book to spread the attack further. It creates confusion and multiplies the damage.
When to Report an Incident
• Contact your IT provider (us) immediately
• If serious, report to IC3 (FBI’s Internet Crime Complaint Center)
• For infrastructure-level attacks, report to CISA
• For new viruses or new attack patterns, reporting helps protect others
Security is a shared responsibility, not a solo mission.
Staying Ahead
Cybersecurity Awareness Month isn’t about repeating the basics; it’s about understanding the evolution of cybercrime. Attackers invent new methods every day. Deepfakes, vendor vulnerabilities, IoT weaknesses, and identity impersonation are now everyday risks.
But awareness, proper verification, good digital hygiene, and ongoing education minimize your exposure and protect not only you, but everyone connected to you.
Because pure cybersecurity doesn’t just protect you.
It protects your clients, your vendors, your family, your community, and your entire digital ecosystem.
Listen to the Full Episode
YouTube
https://www.youtube.com/watch?v=hfqkMbCSU5g
Spotify
https://open.spotify.com/episode/0ozqv7LTTXYNT6DM6qd3yw?si=8c74264eabd34f86
