Cybersecurity: IT’s really about your protection

On April 8th, 2021, the OHIOSTC community was joined virtually by Dr. Chuck Dull, the Associate Dean for the IT Center of Excellence at Tri-C Community College. Dr. Dull’s presentation was entitled Cybersecurity: IT’s really about your protection. As President Bronstrup shared in the introduction, “This evening’s talk is so important and so vital, especially during this time when we are spending so much time online.”

Dr. Dull began by sharing that in “cybersecurity, most experts will tell you there are two victims. Those who know they are a victim and those who don’t.”

The Problem: Contemporary scammers are more sophisticated than the original scammers who used Nigerian princes. One source of vulnerability, among others, is flash drives. These can be loaded with software that when introduced to your computer and network, exposes your organization. But humans remain the weakest link in cybersecurity. Using social engineering, the most insidious contemporary strategy, “bad actors” can use an array of strategies to infiltrate an organization.   

Some examples:

  • Scam calls into a department to gather content.
  • Ransomware: Someone captures our data and holds it for money.
  • DDoS attacks: Denial of service
  • Third party software
  • Cloud computing vulnerabilities.

The five most efficient cyber defenders are:

  • Anticipation
  • Education
  • Detection
  • Reaction
  • Resilience

The reason bad actors want your data is because it has value. For example, credit card info can be sold for $33. While banking details can draw up to $260 per record sold. Another form of vulnerability is malware which is code that gets onto your system while shopping or playing online games.

Industries that are particularly vulnerable include

  • Small business
  • Healthcare institutions
  • Government agencies
  • Energy companies
  • Higher education facilities.

Solutions:

  • Train for these threats:
    • Watch for SPAM
    • Phishing
    • Spoofing
    • Compromised email
  • Run tests to validate the training implementation.
  • Conduct cybersecurity audits on a regular basis.
  • Include cyber training in your onboarding.

Proactive tips for ensuring your information is not vulnerable:

  1. Do not reuse passwords.
  2. Use two factor authentication.
  3. Chose platforms that use end-to-end encryption.
  4. Don’t give your data to every site that makes a request.
  5. Use a personal monitoring service.

Dr. Dull illustrated effectively how much diligence is required to ensure the safety of our data, whether it is our personal data or the access each of us controls to our organizations and networks.