October is cybersecurity awareness month. With 20 years of actual recognition, cybersecurity is spotlighted in October annually, but many businesses and individuals keep it front and center throughout the year. Heartland Bank does just that, and its Information and Security Manager Austin Hohl is admittedly behind the increased oversight.
“During cybersecurity month, individuals should review their online safety. This could be updating and changing online account passwords and reviewing your privacy settings on social media. Another great step to take is to check your devices for updates! Updates can be very annoying and come at inopportune times, but they help keep you and your personal information safe by fixing settings that could leave you virtually vulnerable,” shared Austin.
Don’t be a victim
Virtual vulnerability is real. In addition, it is something that most of our older generations never had to worry about or give thought to. It has become common knowledge though to not click on links in unfamiliar emails and to not use the same password on multiple accounts – because we have heard it over and over. Austin goes on to suggest, “To add to the recommendations, enabling Multifactor authentication (MFA) is the next best thing. This requires a second form of authentication to the system you’re logging in to. If your username/password becomes compromised, the invader still cannot log in to your account because they don’t have your MFA key.”
Even worse, the actual victim of cyber attacks is often blamed for fraud because of lack of knowledge, maybe not paying close attention when responding or is possibly too trusting of email senders. Education is key. Austin adds, “From my perspective, we can always spend more time on education, not because not enough is being done, but because technology is changing by the day which brings new threats to the table. It’s one thing to read a document with tips and tricks or watch a short video with highlights, but in-person training allows associates, clients and businesses to ask questions in real-time and see firsthand how easily a criminal can gain access to our information. It also allows for communication with peers who may have the same questions or concerns.”
They want YOU
With the speed of technological changes drastically impacting the relevance of cybersecurity education, businesses and individuals should commit to staying up to date. Unfortunately, most of the responsibility falls on each user as they are easy targets. “Cybercriminals aren’t really targeting corporations or businesses directly; they target the users. Over the last several years, the cybersecurity landscape has changed from what the movies portray where someone in a van outside clicks a few buttons and ‘gets into the mainframe.’ Though that can potentially still happen, it isn’t as common as you think. Often, criminals are using phishing emails, text messages, social media and/or brand impersonation to trick you into providing information you shouldn’t,” said Austin.
“Social engineering accounts for approximately 80% of all data compromised worldwide. In my role, I see our systems block thousands of social engineering attempts per day from phishing emails to website impersonation. Criminals have become very skilled at ‘hacking the human’ instead of hacking the system because it is normally the quickest way to get in and get out without a trace,” continued Austin as he reiterated the importance of being vigilant 24/7. Workers need to be mindful when they are using their work email or computer. Criminals are masters of deception and manipulation, and individuals are their prime targets.
Businesses are targets too
As business email compromise increases and becomes a threat to raise an eyebrow at, companies are obviously always on defense. According to Austin, “On average, 347.3 billion emails are sent worldwide in a single day. It only takes one of those emails being compromised to potentially cause a catastrophic event in someone’s business. From my point of view, we have seen an increase in clients having their emails compromised which allows the criminal to see all their emails and potentially find financial data they’ve sent before and login information to accounts. If they find your online banking information, they can log in as you and transfer funds before you realize any money is gone.”
Austin’s experience does allow him to offer these suggestions, “A lot of the time, email compromise can be avoided by utilizing Multifactor Authentication. Because the criminal doesn’t have your MFA key, they cannot finish the login process. When they try multiple times and fail, normally an alert is sent to your security team or network administrator, and they can see that someone is trying to access your account and can act accordingly. My other recommendation would be to keep work and personal devices separate when possible. Often corporate networks implement more security controls than we would on our personal devices. Criminals know this and may target you and your devices personally instead of the company or company devices.”
Are you a ChatGPTer?
It’s out there and it’s a thing! Austin has a recommendation for users of this writing chatbot – perfect for clients and associates: “ChatGPT can be a fantastic tool when used appropriately. It can help turn your 5-sentence statement into a 5-page report very quickly, but when you hit enter, all that information becomes available to the world. So, when asking GPT to help, consider the information you’re entering - does it contain Personal Identifiable Information (PII)? If it does, you should replace the PII with a placeholder, this way you can easily find and replace the placeholder information with the real information.”
Austin’s final suggestions
Safety is critical – Austin suggests a few websites to stay up to date:
- I frequently visit the Cybersecurity & Infrastructure Security Agency (CISA) at https://www.cisa.gov/. They provide fantastic resources, tools and best practice guidelines for business and personal online safety.
- The Federal Trade Commission also has great resources tailored to individual safety here: https://consumer.ftc.gov/identity-theft-and-online-security.
- For breaches that may not have made the national news, you can check out “The Hacker News” here: https://thehackernews.com/. They provide many stories that are good to know but didn’t have a national impact so they are often under the radar.
Ultimately, Heartland is devoted to the security of its clients, customers, associates and the communities it serves. Stop in to any one of the 20 Heartland Bank locations for information you can bank on!