Cybersecurity is front and center in the news lately, especially in Central Ohio with recent reports of a cybersecurity incident involving the City of Columbus. As October is cybersecurity awareness month, cybersecurity is in the spotlight, but many businesses and individuals prioritize it every single day. Heartland Bank does just that, and its Information and Security Manager Austin Hohl is admittedly behind the increased oversight.

“During cybersecurity month, individuals should review their online safety. This could be updating and changing online account passwords and reviewing your privacy settings on social media. Another great step to take is to check your devices for updates! Updates can be very annoying and come at inopportune times, but they help keep you and your personal information safe by fixing settings that could leave you virtually vulnerable,” shared Austin.

How to avoid being a victim

Anyone using digital communication is vulnerable to cyber criminals. It has become common knowledge though to not click on links in unfamiliar emails and to not use the same password on multiple accounts – because we have heard it over and over. Austin goes on to suggest, “To add to the recommendations, enabling Multifactor authentication (MFA) is the next best thing. This requires a second form of authentication to the system you’re logging in to. If your username/password becomes compromised, the invader still cannot log in to your account because they don’t have your MFA key.”

Education can make all the difference. Austin adds, “From my perspective, we can always spend more time on education, not because not enough is being done, but because technology is changing by the day which brings new threats to the table. It’s one thing to read a document with tips and tricks or watch a short video with highlights, but in-person training allows associates, clients and businesses to ask questions in real-time and see firsthand how easily a criminal can gain access to our information. It also allows for communication with peers who may have the same questions or concerns.”

Criminals are after YOU

Businesses AND individuals should commit to staying up to date. YOU are who they are after, so you need to assume the bulk of the responsibility for staying educated. “Cybercriminals aren’t really targeting corporations or businesses directly; they target the users. Over the last several years, the cybersecurity landscape has changed from what the movies portray where someone in a van outside clicks a few buttons and ‘gets into the mainframe.’ Though that can potentially still happen, it isn’t as common as you think. Often, criminals are using phishing emails, text messages, social media and/or brand impersonation to trick you into providing information you shouldn’t,” said Austin.

Criminals are masters of deception and manipulation, and individuals are their prime targets. Workers need to be mindful when they are using their work email or computer. “Social engineering accounts for approximately 80% of all data compromised worldwide. In my role, I see our systems block thousands of social engineering attempts per day from phishing emails to website impersonation. Criminals have become very skilled at ‘hacking the human’ instead of hacking the system because it is normally the quickest way to get in and get out without a trace,” continued Austin as he reiterated the importance of being vigilant 24/7.

Emails are prime targets

Companies and individuals must obviously always be on defense, especially regarding emails. Email compromise is an apparent threat, but it can be addressed. Austin’s experience does allow him to offer these suggestions, “A lot of the time, email compromise can be avoided by utilizing Multifactor Authentication. Because the criminal doesn’t have your MFA key, they cannot finish the login process. When they try multiple times and fail, normally an alert is sent to your security team or network administrator, and they can see that someone is trying to access your account and can act accordingly. My other recommendation would be to keep work and personal devices separate when possible. Often corporate networks implement more security controls than we would on our personal devices. Criminals know this and may target you and your devices personally instead of the company or company devices.”

Words of Wisdom

“I’d like to have people start considering the companies with whom they trust their information. I’d like to find a way to have people think twice about the information they are providing to websites, social media, companies, etc. I think we are more likely to trust a human taking our information versus putting our information directly into a computer, but that stereotype could be changing as the world starts to focus on cybersecurity. I think it is important that people consider a company’s security standards, if they have had cyber issues in the past and any additional steps taken to ensure the company keeps our information secure. We are seeing more and more companies with compromises, then they simply give us one year of free credit monitoring, and ultimately nothing additional comes of it. If clients start to push back on companies to ensure they are keeping their information secure, we can help protect our information in the future,” added Austin as he shared his ultimate takeaway.

As a result of the changing digital landscape, Heartland is devoted to the security of its clients, customers, associates and the communities it serves 24/7. Stop in to any one of the 20 Heartland Bank locations for information you can bank on!

If you'd like to hear more from Austin, check out his podcast here!