Good preparation for bad weather won’t change the forecast, cybersecurity expert Bryce Austin writes. In contrast, good cybersecurity planning can significantly impact outcomes.
“Good preparation dramatically increases your odds of not only weathering a cybersecurity storm, but of preventing one in the first place,” Austin writes in his bestselling book, “Secure Enough? 20 Questions on Cybersecurity for Business Owners and Executives.”
Austin, who is from the Twin Cities area, was the keynote speaker on April 18 at the Sioux Falls Cybersecurity Conference. He and other presenters provided a wealth of suggestions for business people looking to enhance the protection of their networks and electronic information.
“In this world of cybersecurity the stakes are high, and the threats are real,” Austin told about 150 business and technology leaders.
Austin was a senior group manager at Target Corporation when the retail giant suffered a massive data breach in 2013. He also previously worked in executive positions in information security at Wells Fargo Business Payroll Services. He and other executive-level employees lost their jobs at Target after the breach. Now he owns a cybersecurity business, TCE Strategy, which helps educate clients about technology and cybersecurity.
To enhance cybersecurity, Austin encourages everyone to activate multi-factor authentication, or MFA, whenever the option is available. MFA is an identity-confirmation process that requires a user to prove his or her identity in at least two different ways before being granted access to a computer system. Typically the options involve something the user knows, has and is.
For example, in addition to typing in a password, a user might also have to give a single-use personal identification number that’s sent to a smartphone or email account.
Mark Shlanta, CEO of SDN, offered an amusing comparison between secure passwords and good underwear habits: Both should be changed regularly, be long enough to do the job effectivity, and not be shared with anyone.
Shlanta stressed the importance of business leaders being proactive, especially in areas such as training that includes all members of an organization.
Eric Pulse, principal and director of risk advisory services at Eide Bailly LLP in Sioux Falls, also stressed the importance of training and security awareness within companies. Establishing a good, security-minded culture in an organization starts with leadership and should spread throughout an organization, he said.
Nearly all data breaches are preventable, Pulse said. Attacks often exploit computer vulnerabilities for which patches are readily available. But major breaches begin with help from the inside, such as an employee being tricked into clicking an infected email attachment or link.
Business networks are only as secure as their weakest link, which is the people with access to the system, Pulse said.
“Technology is going to change. The bad guys are going to change, likely one step in front of the good guys,” he said. So security can never sleep.
U.S. Sen. Mike Rounds of South Dakota noted in remarks at the conference that launching attacks in cyberspace is a cheaper strategy for adversaries of the United States than battlegrounds such as air, land, sea, or space. Among other committee assignments, Rounds chairs the Armed Services Subcommittee on Cybersecurity.
More than ever, the United States needs cybersecurity professionals, such as those being trained at Dakota State University in Madison. However, businesses and organizations also have to do a better job protecting their systems from cyber threats, he said.
“This is real. It is not something that is going to happen to someone else,” he said.
SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.