Understanding Personal Cyber Risk: Key Takeaways from PSA’s December Lunch & Learn
- mindy790
- Dec 10, 2025

PSA’s December Lunch & Learn with cyber specialist Kacey Wheeler from Marsh McLennan Agency underscored a simple truth: in today’s world, personal cyber habits directly affect business security—especially in agriculture and seed.
Why Cybersecurity Matters to Seed Professionals
Wheeler opened by reframing cybersecurity as a daily life issue, not just an IT problem, noting that many attacks are opportunistic and look for “easy” targets rather than specific individuals or companies. She highlighted that a large share of adults have had personal data exposed and that one in three homes with computers experiences malicious software, yet many people still believe “I’m not important enough to be a target.”
For PSA members, this mindset is especially risky because compromised personal devices often have access to company email, shared drives, and business systems, turning a home incident into a business breach.
When Home Risk Becomes Business Risk
The presentation emphasized how “bring your own device” (BYOD) practices and remote work blur the line between home and office networks. Personal laptops, tablets, and streaming devices often lack enterprise-grade protections but still hold or connect to corporate credentials.
Wheeler noted research showing that nearly half of compromised systems with corporate logins also contained exposed personal credentials, suggesting that attackers frequently get in through a personal account and then move into business systems. She pointed to recent examples of foreign-backed actors abusing consumer devices as a foothold into broader networks, reinforcing that every device on a home network can matter.
Real Claims, Real Impact
To show the human and financial toll, Wheeler walked through real cyber claims that started with simple social engineering. In one case, a phishing call pretending to be tech support led to a $64,000 cryptocurrency loss; in another, spoofed bank messages enabled fraudulent wire transfers totaling $160,000.
She also described a ransomware-style extortion where a malicious mobile app gave an attacker access to a victim’s phone contents, resulting in a demand of two Bitcoin—roughly $200,000—for silence. The session also covered “pig butchering” scams, long-term cons that often begin on dating apps or social platforms, where trust is slowly built before the victim is pushed into fake “investment” apps and loses everything.
Who’s Attacking and Why
Wheeler categorized attackers by their primary motivation, with financial gain dominating the landscape through credential theft, wire fraud, ransomware, and sale of stolen data. She explained that cybercrime is now a full ecosystem, with tools and services—such as ransomware kits—sold to less sophisticated actors.
Other categories included politically or ideologically motivated groups, state-sponsored espionage teams focused on long-term intelligence, and so‑called “script kiddies” who use off-the-shelf tools for fun, clout, or personal grudges. For PSA members, the takeaway was that even smaller organizations can be swept up in broad campaigns rather than singled out.
Everyday Threats Members Face
The session broke down common threats that hit both individuals and businesses. Social engineering and phishing remain the top entry points, with attackers impersonating banks, vendors, or colleagues to steal logins or reroute payments. Email account compromise is particularly damaging when inboxes lack multi-factor authentication; once inside, attackers quietly monitor threads and alter invoices or banking details at key moments.
Wheeler also highlighted familiar but persistent weaknesses: weak and reused passwords, unpatched devices with known vulnerabilities, insecure public Wi‑Fi, and poorly secured Internet of Things (IoT) devices like cameras, smart TVs, and wearables that can serve as overlooked entry points to a network.
Building Stronger Password Habits
A central pillar of Wheeler’s advice was to stop reusing passwords and instead rely on a password manager to generate and store strong, unique credentials for each account. Tools such as commercial password managers make this practical even for busy professionals juggling dozens of logins.
She stressed that multi-factor authentication (MFA) should be turned on for all critical accounts—email, banking, social media, and key business systems—because it often prevents a stolen password from turning into a full account takeover.
Keep Devices Patched and Pruned
Wheeler urged attendees to treat updates as essential security maintenance, not optional “later” tasks. Updates often patch publicly disclosed vulnerabilities that attackers begin exploiting within hours or days. Enabling automatic updates where possible for phones, computers, routers, and IoT devices helps close those windows quickly.
She also recommended retiring unsupported or “ancient” hardware that no longer receives updates and reducing the number of unused apps and accounts. Each extra account, app, or device increases the “attack surface,” so deleting what is no longer needed is an easy way to lower risk.
Shrink Your Digital Attack Surface
Attendees were encouraged to think of their attack surface as all the ways an attacker could reach them—online accounts, devices, apps, and even old data. Practical steps include deleting unused online accounts, uninstalling software that is no longer used, and securely wiping or physically destroying storage in old devices before disposal.
Wheeler also suggested reviewing app permissions on mobile devices, limiting access to only what is necessary, and asking whether every device really needs to be online. Fewer exposed services and permissions mean fewer opportunities for attackers.
Locking Down the Home Network
Because home networks now support both family life and business operations, Wheeler offered concrete recommendations for strengthening them. One key step is setting up a guest network for visitors and less-trusted IoT devices, keeping them separated from the main network used for sensitive work.
She also advised “hardening” routers by changing default admin and Wi‑Fi passwords, disabling remote management features that are not needed, and using the strongest encryption available, such as WPA3 where supported. Regularly checking for firmware updates on routers and access points adds another protective layer.
Safer Use of Wi‑Fi and Bluetooth
Wireless convenience can introduce hidden risks if left on all the time. Wheeler explained that devices may auto-connect to familiar network names, which attackers can spoof with rogue hotspots to intercept traffic or trick users into visiting fake sites. Turning Wi‑Fi off when not needed, especially in public places, lowers the chance of connecting to malicious networks.
Similarly, leaving Bluetooth on continuously can expose older devices to known flaws, particularly when default or weak pairing settings are used. The simple habit of switching Bluetooth off when it is not actively in use reduces another set of vulnerabilities.
Protecting Your Financial Identity
Wheeler encouraged attendees to consider placing a freeze on their credit with the three major bureaus—Equifax, Experian, and TransUnion—as a preventive step against new‑account fraud. A freeze makes it much harder for criminals to open loans or credit cards in someone else’s name, while still allowing the legitimate consumer to temporarily lift it when needed.
She also recommended enrolling in fraud alerts and monitoring services offered by banks and credit unions, so unusual transactions are flagged quickly and response times are shortened.
“Never Trust, Always Verify” in Practice
A recurring theme throughout the Lunch & Learn was adopting a “never trust, always verify” mindset, especially for requests involving money or sensitive information. Wheeler advised verifying payment changes or unusual requests using a separate, pre‑established channel—such as calling a known number from a prior invoice rather than a number in a new email.
For links and attachments, attendees were urged to pause and check suspicious URLs with tools like VirusTotal before clicking, and to reserve public Wi‑Fi for low‑risk browsing. For any financial or sensitive transactions, using a trusted network, personal hotspot, or VPN and confirming that sites use HTTPS can significantly reduce exposure.
Knowing Who to Call When Something Goes Wrong
When incidents do happen, speed and clarity matter. Wheeler outlined a basic response sequence: immediately contact the relevant financial institution to attempt to stop or reverse fraudulent activity, then notify local law enforcement and file a report with the FBI’s Internet Crime Complaint Center (IC3), which serves as a central intake for cyber-enabled crime reports.
She also encouraged members to talk with their banks, employers, and insurance partners about available fraud-prevention tools, credit monitoring, and cyber insurance resources so they know what support exists before a crisis hits.
Follow Up Action Items:
To help turn insights into action, PSA shared a checklist aligned with Wheeler’s guidance that members can work through over the coming weeks:
- Implement a reputable password manager and move key accounts to unique, strong passwords.
- Enable MFA on email, banking, social media, and business-critical systems.
- Review and close unused online accounts, uninstall unnecessary software, and update all devices and routers with the latest patches.
- Harden the home network, including guest Wi‑Fi for visitors and IoT devices, stronger router settings, and updated encryption.
- Regularly review app permissions, practice turning off Wi‑Fi and Bluetooth when not needed, consider a credit freeze, and enable fraud alerts with financial institutions.
Business owners were further encouraged to formalize out‑of‑band verification procedures for high‑value financial transactions and to share these best practices across their teams so that cyber resilience becomes part of the organizational culture.
If you missed the webinar, you can find the recording here:
Looking Ahead: Deeper Dive in Hawaii
To continue the conversation, PSA members were invited to a follow‑up, in‑person program in Hawaii from February 8–10, 2026, which will build on Wheeler’s foundation with a deeper dive into business‑specific and agriculture-focused cybersecurity topics. This upcoming session will explore how these individual controls fit into broader risk management strategies, including policies, training, and insurance solutions tailored for the seed and agricultural sectors.
Members who found the December Lunch & Learn valuable are encouraged to join this extended program to strengthen their organization’s defenses, share experiences with peers, and bring practical, sector‑specific solutions back to their teams.










