Welcome to week three of Cybersecurity Awareness Month for 2024. I hope everyone is progressing through the Virtual Scavenger Hunt. If you are not, then click the “Start Hunting!” button on the banner at the top right of this website and begin your chase after a grand prize of a Sony Bluetooth speaker or a super cool weekly prize of a fidget spinner. But before you do that go ahead and read this week’s article where our topics include a reminder to update your software (and how to do it) and a quick discussion of the safe and ethical use of generative artificial intelligence (gen AI).
Before we dive into this week’s topics, I want to update you on our semi-annual cybersecurity awareness training. We are still experiencing issues rolling that out, so you did NOT get an invitation last week. The plan (which may change again) is to send out those invitations this week. Be looking for an email inviting you to the training course. We’ve got our real and our digital fingers crossed that it will happen.
Updating software is an unfortunate reality of our digital times. All software, from simple applications to complex operating systems, will from time to time have to be updated. This is even more true with the advent of gen AI. Programmers can use gen AI to help them write better software, but cyber-criminals can also use gen AI to help them find any weaknesses in software. The pace of updates was accelerating before gen AI hit the scene, but now it is going faster still.
Thankfully, most software companies have made it easy to update your software. Automatic updates are available for everything from web browsers to operating systems. You might have to turn them on, but once they are enabled, you’ll get a notification that updates are ready and your system will run them once it is idle or you can usually opt to run them immediately. Major browsers, including Chrome, Firefox, and Edge now all come with automatic updates turned on. Mobile devices in both the Apple and Google camps are happy to install updates automatically.
What if you have software that doesn’t have automatic updates available? Make it a habit that when you get an update notice from your Windows machine or iPhone or whatever other device or application with automatic updates, you also check your software that doesn’t have automatic updates. If you have a lot of software that doesn’t do automatic updates, you might consider using a utility that inventories what software you have and then watches for updates for your installed software. There are a lot of these for the Windows operating system (OS), as it is much more diverse, in that software is available from so many more sources, than macOS, where most major apps are available in the App Store built into the OS. Lifewire has a recent article about a number of these Windows apps to help with updates. For macOS, there is Latest and MacUpdater, although for the most part you can use the App Store and simply check for updates to apps there.
Mobile devices are a different story. Apple will push updates to their mobile devices including to Apple Watch, iPad, and iPhone. You can also check for updates if you feel you are missing any by going to Settings…General…Software Update. Apps on the phone are updated either automatically or via the App Store.
Android devices are more complex. Depending on what changes a device manufacturer has made to the Android operating system, there may be several ways to update both the Android OS and the apps on the phone or tablet. interestingly, what also varies is the release date of updates from the many different manufacturers of Android devices. You will have to check the documentation for your system to find out exactly how to update the OS. As long as you only get applications from trusted sources like Google or whatever app store the manufacturer provides, they should all update through that store. If you are “side-loading” apps onto your Android device (if you don’t know what that means, you’re not doing it), you are on your own for updates.
Just be sure you are updating all of your devices…don’t leave out your smart TVs and their attached streaming devices, digital assistants like Google Home and Amazon Alexa/Echo, video game consoles and possibly even your vacuum cleaner. If it is running software, there’s a good chance it will eventually need to be updated.
Gen AI is becoming more available to more people as software publishers integrate it into their existing products. Everything from Microsoft Edge to Adobe Acrobat and everything in between is getting gen AI embedded into it. Gen AI can do everything from write our emails and documents to create realistic pictures of events that never happened. The use of gen AI to create images and documents that are misleading, factually incorrect and almost indistinguishable from true images and documents is not only unethical, but could cause you legal trouble. We are entering an age where the old maxim of “just because you CAN do something doesn’t mean you SHOULD” becomes more pertinent to decision making.
Not only do you have to consider what is ethically and legally sound to do with gen AI, you also have to realize that it is the latest tool companies can use to learn more about you, whether intentionally or unintentionally. In the case of most gen AI tools embedded into other applications or freely available on the Internet, anything entered into the tools in a prompt is used to not only generate a response for you, but is used to train the gen AI system to answer future prompts. Don’t put sensitive information, whether personal or institutional, into a gen AI system you are not sure won’t use it to train the gen AI model. Cyber-criminals can fairly easily manipulate prompts into the gen AI system to divulge this information and even if they don’t, the publisher of the system still has access to this data. Depending upon the Terms of Use for the system, they may be able to use that information for purposes you may not be comfortable with.
That’s all for week 3 of Cybersecurity Awareness Month. Be sure to jump into the Virtual Scavenger Hunt and be looking for your invitation to the cybersecurity awareness training. Remember, you will be offered a pre-test in this new training platform. Perform well on the pre-test and you may be able to skip parts of the course.
NCSAM Week 2 – Privacy, Safe e-Commerce, What’s Out There About Me?
October News from Information Security
CAM 2022 Week 2 – Phishing