Facebook Twitter Pinterest
Technology has many benefits in today's world, but it's also a scary thing. It's easy to pay for items online with your credit card, but more and more hackers are looking to gain access to those same cards for nefarious purposes.
That's where people like Mike Weiss come in. The director of information technology for the City of Midlothian has some advice to help people feel more secure and avoid becoming a victim.
Weiss has over 25 years of experience in information technology and over 17 years in local government, specializing in cyber security with an emphasis on blue team (defense) operations.
In 2007, Mr. Weiss earned his Certified Information Systems Security Professional (CISSP) certification and earned his Master of Science in Information Security Engineering in 2012. Additionally, he holds multiple certifications in information security work, including Windows defense, industrial security systems, defensive architecture, enterprise defense, incident handling, and intrusion analysis.
Weiss has been with the City of Midlothian since 2009.
FDN: What is the best advice you can give someone to keep their information safe?
MW: Best practice is to take good care of your passwords. These days, almost everyone has accounts and uses passwords to verify their identity. Using a password manager such as LastPass, Keeper Security, or Dashlane to store your passwords in an encrypted vault and utilize automatic password generators can greatly improve your information security. Most password managers include browser plugins or mobile phone apps that allow you to easily access your accounts and auto-fill your passwords. These are rare examples of increased security and convenience.
It's generally recommended to start with a few passwords that you use frequently and gradually increase them as you become more familiar with the process and how the password manager works. Most password managers also come with additional tools to check if your passwords have been found in a hack, recommend which passwords should be replaced or improved, and in some cases even allow you to reset your passwords from within the manager.
Additionally, multi-factor authentication (MFA) has been gaining popularity recently. In this method, you enter your password and a code sent to you via email, text message, or app on your phone. This is also a great improvement to personal security, as you need access to an additional code to log in.
FDN: What is the most common, and perhaps most dangerous, thing people should be aware of when it comes to cybersecurity?
MW: A problem I encounter daily is clicking on links in suspicious emails. While many times this is not a problem, it can become a very dangerous habit. We spend a lot of time educating our users to be wary of emails from unknown sources and even emails from known, unexpected sources.
Known as “phishing” attacks, malicious emails try to get you to click on links that appear to be from your bank or tracking numbers for packages, usually with a sense of urgency that your account will be locked or your package will be lost if you don't take action immediately.
When you click on the link, it takes you to a fake site that resembles a bank or social media site and asks you to log in, providing your credentials to the attacker. Or the link attempts to download a malicious file and install malware on your computer, which typically gives them access to your computer and gives the attacker access to more information about your life.
FDN: How has internet security changed since you arrived at the City of Midlothian 15 years ago?
MW: It's amazing how the number of internet-connected devices has exploded over the past 15 years. As a result, they're now accessible to anyone in the world, which has created a huge number of devices that are vulnerable to hacking. Unfortunately, many of the companies responsible for updating and securing these devices aren't always diligent in finding and fixing vulnerabilities.
FDN: Have you ever been through a hack yourself that you can share your experience with? If so, what did you learn?
MW: I've been fortunate to have been directly involved with only minor incidents in my career. Most of these incidents began with a user inadvertently opening an email attachment or clicking a malicious link. As a rule, I employ an approach called defense in depth in my cybersecurity program, which means leveraging multiple overlapping tools to protect the City of Midlothian's systems. In each incident, at least one tool prevented the hack from escalating from a minor issue to a major incident.
Over the years, I've learned that it's really important to maintain a certain level of awareness about what you click on. It's hard in this day and age when there are constant popups and alerts vying for our attention, but being mindful of what you click can prevent a lot of headaches.
FDN: Seniors seem to be a big target for hacking. What do you think are the most common scams and what advice do you have?
MW: Besides the plethora of phishing emails out there, I've also seen a lot of “vishing” attacks, where someone calls your mobile phone, claims to be from Microsoft, the FBI, or another reputable company, and claims to have found a virus or other problem on your computer, and then they ask you to visit a website and install software that will clean your computer as a service.
As with most things, if it sounds too good to be true, it probably isn't. Microsoft or the FBI aren't going to randomly call people and offer to clean up their computers. As with phishing, this is usually coupled with a sense of urgency to get someone to act without thinking.
FDN: What role does the city play in helping people stay safe from hacking?
MW: While the City does not have the ability to protect the privacy or security of personal devices used by our citizens, we make every effort to ensure the security of City systems and devices to protect personal information provided through transactions with individuals and businesses.
FDN: Is there a way for hackers to stay one step ahead of hackers, rather than hackers beating them to the punch?
MW: Unfortunately, there's no way to stay ahead of hackers, as new techniques are constantly being developed and cyber defenders must keep up with new attacks. But by remaining mindful of how you use technology, moderating what you post in public forums like social media, and being critical before clicking links in emails, you can mitigate much of the access hackers need.
Attacking a system from the outside is difficult, which is why many attacks rely on a user clicking a link in an email or visiting a compromised website. If you can prevent that from happening and “breaking into” your computer, you're beyond the reach of most hackers.
FDN: Any other thoughts or comments?
MW: You don't need any technical knowledge or special training to have an eye for something incredibly good or just plain weird. Living in the digital world we live in requires a healthy level of awareness, but also a level of skepticism that doesn't come naturally to everyone.
We have a natural tendency to trust others and we sincerely hope that that special deal that arrives in our inbox is true. Unfortunately, it's probably a scam and simply deleting the email and moving on is usually the best option.