Cybersecurity Awareness Month 2025

Welcome to Cybersecurity Awareness Month!

Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month — a time dedicated for the public and private sectors to work together to raise awareness about the importance of cybersecurity.

Over the years, this effort has grown into a collaborative initiative between government and industry to enhance cybersecurity awareness, encourage individuals to take action to reduce online risks, and promote national and global conversations about cyber threats. October 2025 marks the 22nd year of this important campaign.

Open

Secure our world

Beginning in 2023, the Cybersecurity and Infrastructure Security Agency (CISA) launched the Secure Our World initiative — an enduring theme for Cybersecurity Awareness Month. This theme emphasizes taking small, daily actions to reduce risks when online and using connected devices.

Throughout this month, the IT department will share weekly updates with practical information and tips to help you protect yourself, your family, and your community when using digital technologies.

October 6th, 2025 — The Rise of AI and Misinformation

Artificial Intelligence (AI) is transforming the way we live, learn, and work. At the same time, it is changing the way misinformation spreads online. AI tools can now generate text, images, and videos that are nearly indistinguishable from authentic content, making it easier for false or misleading information to circulate.

This is an important consideration for higher education, where students, faculty, and staff rely on accurate information to make decisions, collaborate, and conduct research. AI-generated content can also be used by cybercriminals in scams and phishing attempts. Emails, voice recordings, and even videos created with AI can impersonate trusted individuals or institutions, making it more difficult to distinguish legitimate communications from fraudulent ones.

How to Spot AI-Generated Misinformation

To stay safe and informed, keep these strategies in mind when evaluating online content:

1. Check the source. Make sure the information comes from a credible organization or news outlet. Review URLs carefully for misspellings or unusual domains.

2. Use fact-checking resources. Websites such as Snopes, http://FactCheck.org , and PolitiFact can help verify the accuracy of information.

3. Watch for emotional triggers. Misleading content often aims to provoke fear, anger, or urgency. Pause and critically evaluate before reacting or sharing.

4. Reverse search suspicious images. Tools like Google Lens or TinEye can help identify where an image first appeared.

5. Be cautious with videos and audio clips. AI “deepfakes” can replicate voices and faces. Look for inconsistencies in movement, lighting, or tone.

Why It Matters

AI-generated misinformation not only undermines trust in online content but can also increase the risk of social engineering attacks, where individuals are manipulated into sharing personal or institutional information. By practicing strong digital discernment and critical evaluation skills, members of the SPU community can help protect themselves, their peers, and the university from potential harm, ensuring a safer and more trustworthy digital environment.

Upcoming

We hope these tips we shared with you today help you stay safer online. Stay tuned throughout October for more ways you can stay safe in our digital world.

As a reminder, SPU IT will never request your password or other protected information via email.

October 13th, 2025 — Keep Your Devices Updated and Secure

One of the simplest and most effective ways to protect yourself and Seattle Pacific University’s network is to keep your devices updated. Regular updates ensure your computer, applications, and browsers are equipped with the latest security patches, performance improvements, and compatibility fixes.

Updates are not just about adding new features. They often contain critical patches that address newly discovered security vulnerabilities. Cybercriminals frequently attempt to exploit these weaknesses, targeting devices that have not yet been updated. Even a short delay in applying updates can leave systems open to attack, putting both personal data and university resources at risk.

Why Updates Matter

Failing to install updates can lead to a variety of security and performance issues, including:

• Exposure to security vulnerabilities: Outdated software can be easily exploited by attackers using known flaws.

• System instability and performance issues: Updates often fix bugs, improve speed, and optimize compatibility with other software.

• Reduced access to tools or services: Some university applications and systems require updated versions of browsers or operating systems to function properly.

Keeping your device up to date helps ensure a secure, reliable, and high-performing work environment for everyone across campus.

Tips to Stay Current

Here are a few best practices to make sure your system stays protected and runs smoothly:

• Restart your device regularly. Many updates are applied during restarts. Make it a habit to restart at least once a week.

• Enable automatic updates. Allow your system to download and install updates automatically whenever possible.

• Schedule time for updates. If you see a prompt for a restart or system update, plan a time soon to complete it — don’t postpone indefinitely.

• Keep applications updated. Regularly check for updates in programs such as web browsers, office tools, and antivirus software.

Important Reminder for Faculty and Classroom Users

This practice ensures that podium computers remain secure, up to date, and perform optimally when you return to the classroom. Turning them off prevents scheduled updates from completing, which can result in slower performance or unexpected issues during instruction.

Stay Secure, Stay Updated

Regularly updating your devices is one of the most effective steps you can take to protect SPU’s digital environment. It only takes a few moments but plays a major role in maintaining both personal and institutional cybersecurity.

If you have any questions about system updates or need assistance with your university device, please contact the IT Support at itsupport@spu.edu.

As a reminder, SPU IT will never request your password or other protected information via email.

October 21st, 2025 — Spotting Phishing and Social Engineering Attacks

Phishing and social engineering are some of the most common and effective methods cybercriminals use to trick people into revealing sensitive information. These attacks do not rely on breaking through firewalls or cracking passwords; instead, they exploit something much simpler: human trust.

At Seattle Pacific University, phishing attempts occur frequently and are often disguised as messages from familiar sources such as professors, administrators, or even SPU departments. Recognizing these tactics is one of the most powerful ways to protect yourself and the SPU community.

What is Social Engineering?

Social engineering happens when an attacker manipulates human interaction to gain access to confidential information. These individuals often impersonate trusted figures such as coworkers, supervisors, or vendors to appear legitimate. Their goal is to collect enough information to access systems, steal data, or compromise accounts.

A well-crafted message or phone call may sound professional and believable, but it is intentionally designed to create a sense of urgency or trust. This pressure can lead you to act quickly by clicking a link, sharing sensitive information, or approving a login request before realizing the danger.

What is Phishing?

Phishing is a type of social engineering attack that uses deceptive emails, texts, or websites to steal sensitive information such as login credentials or financial data.

These messages may look legitimate, using SPU branding or the name of a real organization, but they often contain subtle warning signs such as:

• Unfamiliar or misspelled sender addresses

• Requests for passwords, payment, or personal information

• Poor grammar or formatting

• Suspicious links or attachments

• Urgent or emotional language (“Your account will be locked if you don’t respond”)

How to Protect Yourself

Being alert and cautious can make all the difference. Here are some simple steps to safeguard yourself and SPU’s digital environment:

• Think before you click. Hover over links to see where they really go. If something looks off, don’t open it.

• Verify the sender. If an email seems unusual, even from someone you know, confirm through another method such as like calling or messaging the person directly.

• Report suspicious messages. Use the “Report Phishing” or “Report Spam” options in your SPU mailbox. Reporting helps IT block malicious emails before they reach others.

• Avoid sharing sensitive information. SPU will never ask for your password or personal credentials via email.

• Watch for MFA fatigue. If you receive multiple login approval prompts you didn’t initiate, deny the requests and contact the IT Support immediately.

What to Do If You Fall Victim

If you accidentally click a link, share information, or approve an unexpected login prompt, don’t panic but act quickly.

• Report the incident to the IT Support at itsupport@spu.edu or 206-281-2982

• Immediately change your SPU password

• If you believe your personal financial information was exposed, contact your bank or credit card company to monitor for fraudulent activity.

Quick action helps contain potential damage and protect others in the community.

Stay Vigilant

Phishing and social engineering attacks are constantly evolving, but awareness is your best defense. By thinking critically and pausing before you act, you can help keep SPU’s digital community safe.

As a reminder, SPU IT will never request your password or other protected information via email.

October 27, 2025 — The Power of Passwords: Strengthening Your Digital Identity

As we wrap up Cybersecurity Awareness Month, we are focusing on one of the most effective ways to protect your personal and institutional data: creating strong passwords and using multifactor authentication (MFA).

Weak or reused passwords are among the most common causes of compromised accounts. Fortunately, a few simple habits can make a big difference in keeping your information safe.

Best Practices for Strong Passwords

A secure password protects your identity, data, and access to systems. Here are a few tips to strengthen your digital security:

• Use at least 12 characters. Longer passwords are significantly harder to crack.

• Avoid personal information. Do not include birthdays, names, or common words that could be guessed.

• Never reuse passwords. Each account should have its own unique password.

• Update passwords regularly. Especially after any sign of suspicious activity or a known security breach.

• Use a password manager. Built-in tools like Google Password Manager and Microsoft Edge Password Manager make it easy to securely store, generate, and autofill strong passwords across your devices. Both integrate with your existing accounts and can alert you if a password has been compromised, helping you keep your logins safe and unique without the need to remember them all.

Creating a Password with a Passphrase

If you prefer to create passwords yourself, one of the best techniques is to turn a familiar phrase into a password. Take the first letter of each word in your phrase and then add symbols or numbers that make sense to you.

For example, start with a phrase that is familiar or significant to you:
“May the force be with you.”

Now, take the first letter of each word and make small substitutions:
M+F&WY!977

• The “+” represents the letter T

• The “&” represents the letter B

• The !977 references the 1977 release year of Star Wars

This approach creates a password that is long, complex, and personal enough to remember without writing it down.

The Importance of Multifactor Authentication (MFA)

Even the strongest password can be compromised, which is why enabling MFA adds an essential extra layer of security. MFA requires a second factor—such as a mobile app, text message, or authentication prompt—before granting access to your account. Every SPU account is required to have MFA set up using the Microsoft Authenticator app. You can refer to this documentation if you need assistance in setting up MFA for the first time.

Keep Your Accounts Safe

By combining strong passwords with MFA, you significantly reduce your risk of being compromised online.

• Use a unique, complex password for every account.

• Turn on MFA wherever it is available.

• Avoid sharing or writing down passwords.

• Review your accounts periodically for unusual activity.

Cybersecurity does not end in October. By keeping your passwords strong and enabling MFA, you help protect not only your information but also the security of SPU’s entire digital community.

As a reminder, SPU IT will never request your password or other protected information via email.

Table of Contents