As our world becomes increasingly connected, CyberSecurity is more important than ever. What can you do to ensure that your business, education institution, or organization is safe? What does it take to be successful in this field? Read on for answers to these questions and more.
1. What is the biggest mistake that people make that makes them vulnerable to an attack?
Being complacent, thinking they are too small, it will never happen to them.
2. What is the number one thing that a school or small business could do, starting tomorrow to prevent falling prey to a phishing, ransomware or other types of attacks?
Education and continued training. I cannot this stress enough- no matter how many protections we put in place, the end user is the weakest link. Social engineering has become so good, it’s even difficult for professionals to spot.
3. Alec Ross, speaker and author of The Industries of the Future, talks about the weaponization of code. In one of his talks, he says the following:
“My suggestion, my completely uncensored suggestion to you is that what you ought to do, is within you executive teams and on your board of directors you ought to begin to put in place strategies to identify and define the risks identify and define what your capabilities and vulnerabilities are and then lay some plans for the road going forward.”
What recommendations do you have for small businesses as they seek to put these strategies in place? Should Education entities use the same strategies? Are the risks the same for education institutions as for small businesses or corporations?
I agree with Alec in that organizations need to identify and define risk, and define their capabilities and vulnerabilities, however, that is typically not so easily done internally. Larger organizations may have the resources to conduct such assessments internally, but it is always a good idea to get an unbiased, second set of eyes to do network, security and risk assessments. This holds true for both small businesses, enterprises, as well as government and education. Unfortunately, education budgets may lack the necessary funds to do proper vulnerability assessments, as indicated by two major breaches of data in the Apollo Group (200 million records) and Edmodo (77 million records).
4. If someone falls prey to an attack, what is the first step they should take?
It depends on the type of attack, but if possible, change passwords. If it was an endpoint attack, run or rerun scans with proper enterprise anti-malware/antivirus software. If records with PII (Personally Identifiable Information) were compromised, it’s slightly different by state according to their statutes. For information on Arizona statutes, visit Arizona Title 18, section 545
5. What advice do you have for young people who are interested in pursuing a career in CyberSecurity?
There are courses in Certified Ethical Hacking with emphasis on ethical. Choose early on to be one of the good guys. You can make great money helping people and keeping the bad guys at bay.
Fred Hughes is the President & CEO of Phoenix Technology Solutions, one of the leading IT service companies in the Phoenix area. He has over 30 years of experience providing both technical solutions and services to meet challenging business needs. He listens to his client’s challenges and transforms them into technical solutions. Fred prides himself in taking ownership of the task, driving change through teams and consistently deliver results above Client expectations. He has proven success as an entrepreneur, business owner, technical engineer, and sales solution provider. For more information, visit https://www.linkedin.com/in/fred-hughes/