How Recyclers Can Stay Cyber Aware and Protect Their Business Operations

October is National Cybersecurity Awareness Month. Since 2004, the U.S. Government and industry have worked together each October to ensure Americans have the necessary resources to stay safe and secure online. The theme in 2025 is Stay Safe Online and focuses on simple ways to protect yourself, your family, and your business from online threats.

In honor of National Cybersecurity Awareness Month, ReMA News chatted with Patrick Thomasson, Director of Security, at NTI IT Services, the company that provides helpdesk/IT support to ReMA and many other organizations. Since 2009, National Technologies (NTI)opens in a new tab has delivered turnkey fiber optic network and data center infrastructure services to keep its customers up and running.

Thomasson has been working in IT and cybersecurity for 30 years, working in different environments from large universities with 30,000 users to small startup companies. One of his major goals is to help people succeed with technology in a safe and secure way.

During the discussion, Thomasson shared common cyber threats, activities in daily life that people may not realize could leave them exposed online, and strategies that can help organizations keep themselves and their employees cyber aware.

What are some things in everyday life that could leave you exposed online?

We're seeing an increase in very sophisticated and highly targeted phishing attacks, also known as spear phishing. These attackers research individuals or organizations and craft personalized, convincing messages that look like they're from a trusted source.

Though you might expect these attacks to happen only to large organizations because there are so many employees, and the companies are making millions or billions of dollars. But we're seeing these types of attacks on small and medium-sized businesses and organizations as well.

Anything that you share publicly online, whether that's on Facebook, Instagram, LinkedIn, or a personal blog, can be used by attackers to craft a very convincing and timely attempt to attack your organization.

A common example is when someone gets a new job, they may post about it on LinkedIn that they're excited to start and include a start date and the name of their manager. Then, around their first day of work, they'll get an email that looks like it's from their manager or the CEO asking the employee to purchase gift cards.

There are more technologically sophisticated and terrifying examples. I've heard of multiple examples of deepfakes, in which someone's voice is accurately and convincingly reproduced with AI. The story I heard recently was of a woman who received a phone call from someone she believed to be her daughter. Her "daughter" claimed she was at the police station and needed money. That's a terrifying example because who wouldn't know their own child's or parent's voice?

What can businesses do to protect themselves and their employees online?

Annual cybersecurity training is key for yourself and your employees. Part of the training campaign should include how employees can access your cybersecurity policy. When you send out information about the training, make sure to include a link to the policy and provide some highlights for employees.

It's always good to have protection and monitoring in place. Make sure you keep accurate inventories of equipment like computers and users. When people leave your organization, make sure their accounts are turned off and their devices are retrieved and handled according to the organization's policies.

Another way to protect your business is by using multifactor authentication. There are many attackers who attempt to steal credentials to get someone's password to login to their system. Of course, you still want to protect your password, but with the second or additional factor, the attacker has a harder time getting into the system.

There are different types of multifactor authentication. Getting a code by text message is probably the most accessible, but it's not as secure as using an authentication app. Another way to protect your passwords is using a password manager in addition to multifactor authentication.

What are some strategies in daily life you can do to stay cyber aware?

Be aware of what you share publicly. If you receive a call or message that's out of the ordinary or just doesn't feel right, make sure to verify it some other way. If you get a weird email from someone, call them back. If you get a call from someone you know from an unknown number, try calling them back on a number you know is theirs.

You could also establish a codeword with another person to use during emergencies. For example, you plan with a family member that if you're in an emergency you need to say or hear a specific word to give or receive their help. If you decide to use a codeword, write it down and keep it somewhere safe instead of putting it in a word document. It's amazing how some low-tech things can disrupt high-tech and sophisticated attacks.

Everyone in an organization should have a level of cyber awareness, some roles will have a greater focus on cybersecurity like IT, the cybersecurity department, and departments that often get targeted like finance and senior leadership.

To stay cyber aware day to day, I recommend checking out cybersecurity newsfeeds, podcasts, or summary digests to stay up to date of what's going on. While annual training will teach employees to be cyber vigilant and provide general information that's always helpful and applicable, the day-to-day awareness will complement the training by highlighting current threats and vulnerabilities that may impact your organization.

Photo by FlyD on Unsplash.