October Is Cybersecurity Awareness Month
Every October, Cybersecurity Awareness Month shines a spotlight on cyber defense strategies – but these practices matter every single day. Cyber criminals use social engineering, AI-powered scams, and ransomware to compromise our sensitive data and critical systems — and as a user of digital systems at NYCHA, you are one of our most powerful security tools.
This month, we’re focusing on four simple actions that can make all the difference: STOP, LOOK, THINK, and ACT.
STOP — Trust Your Training
Cyber criminals prey on our emotions and busy lives. Social engineering remains one of their most effective tools, because it exploits human nature rather than technology vulnerabilities.
What You Can Do:
Pause before you respond. If something feels off, it probably is. Scammers create urgency to trick you into acting without thinking.
Take care of your wellbeing. Stress and fatigue make us all more vulnerable to mistakes. Take breaks, manage stress, and get enough rest — a clear mind helps you spot red flags.
Learn from real incidents. Many phishing victims were simply rushed or distracted. Don’t let that be you.
LOOK — Check the Clues
Hackers reuse tricks because they count on you not paying attention. With AI-powered scams on the rise, vigilance is more critical than ever. Deepfakes, synthetic media, and AI-generated phishing emails are becoming increasingly sophisticated.
What You Can Do:
Look for unexpected requests, unusual tone, or look-alike email addresses that mimic legitimate ones (like replacing “i” with “1” or adding an extra letter).
Question anything “too good” or overly urgent. If it promises a reward or demands immediate action, verify independently — pick up the phone and call the person directly.
Trust your instincts. Use both critical thinking and your intuition. If something doesn’t feel right, verify it through another channel before responding or clicking.
THINK — Consider the Risk
A few seconds of caution can prevent major consequences. “Business email compromise” and ransomware attacks are real, costly, and frequently make headlines. One careless click can lead to data breaches, financial loss, and damaged trust.
What You Can Do:
Understand the impact. That “harmless” reply or attachment could be the entry point for a major attack.
Avoid risky clicks. Don’t open attachments or links from unknown sources. When in doubt, verify through a separate channel.
Be proactive. Stay informed about cyber threats in the news. Understanding criminals’ financial motives helps you recognize their tactics.
ACT — Be the Human Firewall
You are part of the city’s defense. When something seems suspicious, don’t wait — take action. Your vigilance protects not just you but also your colleagues and the entire organization.
What You Can Do:
Report suspicious activity immediately. Don’t assume someone else will do it. Use the “report suspicious email” or phish alert button and contact your security team.
Champion cybersecurity. Speak up about suspicious emails or requests. Encourage managers and colleagues to prioritize security practices like using the phish alert button in daily work.
Looking Ahead: Beyond October
While October is Cybersecurity Awareness Month, these practices matter year-round.
Your Action Items:
✓ Keep reporting suspicious activity — your awareness helps protect everyone.
Remember: STOP, LOOK, THINK, and ACT. Together, we’re building a human firewall that keeps our city safe.