TO READ IN ANOTHER LANGUAGE, CLICK HERE!

Our forums have ended for this year’s Cybersecurity Awareness Month, but the conversation keeps going! Thank you to everyone who attended! 

Here are two key takeaways from last week’s forum.

Network Security and VPN Usage

Network security was highlighted as essential, especially when accessing company resources from public Wi-Fi networks like those in airports or on trains. The panel recommended using a company VPN to securely connect to internal resources, clarifying that while VPN encrypts traffic to the corporate network, it does not protect general internet browsing. For maximum security, using a personal mobile hotspot is preferred over public Wi-Fi. Additionally, modern browsers and secure apps help protect data when connecting to external sites, but VPN remains the best practice for accessing sensitive internal systems remotely.

Session Cookies

The team explained that session cookies are authentication tokens that can be stolen via phishing or lookalike sites, allowing attackers to impersonate users online. They emphasized the importance of verifying URLs and using official sign-in portals (like Okta Apps) to avoid falling victim to such attacks.

A Weekly Chance To Compete! Test Your Cybersecurity Knowledge!

But first, the Week 3 winners!

Thanks for participating in the Week 2 Cybersecurity Awareness Challenge!  

• 181 of you submitted the quiz this week. 
• Close to 20% of you (37 total) achieved a perfect score!
• Congratulations to this week’s top performers — click here for the leaderboard.

U.S. team members: We have a winner! We drew a name from all U.S. team members who got 15 answers correct. The winner of this week’s $50 BW merchandise card is Pam Lore, Office Coordinator for Afinitas, based in Iowa. A member of the IT Communications and Strategic Support team will be in touch with details.   

Remember, U.S. team members, every time you participate is an additional chance to win in the final drawing on October 29— you don’t have to make the leaderboard to be in the final drawing! So keep submitting the quiz each week!  

Quiz Challenge Details: 

• Quiz Challenge Week 4 launches today! Find the link below. 
• Take the quiz by 8 a.m. CDT Tuesday, October 21.
• One entry per team member. 
• This quiz is not anonymous. Your name will be recorded upon submission.       
• Winners will be posted in our weekly newsletter throughout October. 
• U.S.-based team members only:  Each week, a prize will be provided to the U.S.-based team member who successfully submitted the most correct answers before the Tuesday, 8 a.m. CDT deadline. Ties will be settled through a drawing from the names of everyone who successfully submitted the same number of the most correct answers before the Tuesday, 8 a.m. CDT deadline. 
  • One more way for U.S.-based team members to win a prize: On October 29, we will randomly draw a name from everyone who completed/submitted a quiz or quizzes throughout the four quiz challenges. Each quiz counts as one entry in the October 29 drawing.

Ready to crush the CSAM challenge for Week 4? 

Once you launch the quiz, the timer begins. Select the best answer to each question. The quiz will close at the end of 8 minutes, whether you finished or not, and you cannot relaunch it. So, don’t launch the quiz until you are ready to commit the full 8 minutes to completing it. 

Protecting Your Privacy and Sensitive Company Information: The Responsible Way To Use Generative AI Resources

Generative artificial intelligence (AI) resources—tools that use generative AI to create new content like text, images, audio and video upon a user’s request—are becoming very popular. Users beware: Many AI tools don’t protect the information that’s entered into the prompt fields. In fact, these tools often use your prompt details to train the AI model, which means your prompt details are likely to be provided to other users. When it comes to generative AI, always be mindful of unintended data exposure, compliance violations, and the unapproved use of AI tools without the knowledge or oversight of the IT team or security team. 

At Barry-Wehmiller, the only approved generative AI tools are Microsoft Copilot and Anthropic’s Claude.ai. If you have questions on how to access these tools, please contact your IT service desk.

When personally engaging with any AI, be mindful of sharing sensitive information such as:

• Credit card or bank statements: Sharing this data could lead to unauthorized access and threaten your financial identity. 
• Medical records: Sharing personal health information could make your private health details accessible to others while you remain unaware.
• Legal documents: Contracts and agreements are filled with critical and sensitive information that, when presented to an AI, may result in privacy violations and potential legal repercussions.

When using official BW AI business tools, be very careful about sharing proprietary software code and business plans or strategies.  

• At work, even when using our approved AI tools (Claude.ai and Copilot), always be aware: Uploading sensitive and proprietary company information to an AI for assistance in creating documents or presentations can carry significant risks. 
• Exposing confidential business details to an unapproved AI tools poses potential legal risks and can provide competitors with valuable insights into Barry-Wehmiller.

Remember, AI platforms learn from the data they ingest.  They use this data to adapt over time. This makes them susceptible to manipulation through poisoned inputs, adversarial attacks, or flawed training sources. Unlike traditional software, these threats can easily go undetected, quietly altering behavior or leaking sensitive information without causing obvious system failures. AI can be a helpful tool, but it often carries risks that may not be immediately apparent.

Sources:

Ermakov, E. (2025, September 12). When AI tools leak data: The hidden risk of copy-paste into Chatbots. Medium. https://medium.com/@bizsec_top/when-ai-tools-leak-data-the-hidden-risk-of-copy-paste-into-chatbots-4c65f2129150 

Legit Security. (2025, September 3). 9 AI Security Risks: What you need to know for protection. https://www.legitsecurity.com/aspm-knowledge-base/ai-security-risks#:~:text=AI%20models%20interpret%20data%20differently,access%20private%20or%20regulated%20information. 

Security Journey. (2024, December 19). 5 types of data you should never share with ai. Security Journey. https://www.securityjourney.com/post/5-types-of-data-you-should-never-share-with-ai 

Barry-Wehmiller’s “Use of Public Generative Artificial Intelligence Services Policy.” February 2025, Retrieved from bwpolicies.com/global. 

Thank you for joining us for Cybersecurity Awareness Month! And, as always, thank you for your commitment to keeping Barry-Wehmiller’s data and your personal information safe.