Cybersecurity & You: A Conversation with Director Sheehan
If you’ve been following us on social media, you likely already know – October is Cybersecurity Awareness Month. And who better to learn from about the topic than Mr. Phishead himself – Information Security Director Gary Sheehan?
Faculty and staff members at Elon likely already know Director Sheehan. And if you’re a first-year student, you’ll remember Director Sheehan from the video component at Connected @ Elon, Elon Technology’s orientation event during Welcome Week.
Unmasking Cybersecurity
As we begin our conversation, Director Sheehan lays down some demystifying truths about cybersecurity. “There’s nothing magic about cybersecurity. It’s not like it’s something brand new that we haven’t had ever before.” However, that doesn’t mean that there aren’t cybersecurity challenges unique to the modern environment.
“As our private networks have expanded, and our perimeters for our private networks have vanished,” Sheehan continues, “we’ve had to take the controls that we use inside an organization and find a way to expand the functionality of those controls to the outside. To me, that’s where cybersecurity comes into play — being able to implement the same controls we use inside our organization to control the movement of our data on the outside.”
Fighting Back Against the Hacks
On a global scale, Director Sheehan emphasizes that preventive action is the most effective way to practice cybersecurity. “Those organizations that don’t take it seriously, that try to cut corners, that try to get away with not putting resources where they belong — those are the organizations that are getting hit today.”
One thing is clear – Director Sheehan has no interest in cutting corners at Elon. But the responsibility doesn’t lie solely on his shoulders, either. “Security isn’t something that just one person in an organization does… it’s the responsibility of everyone in the organization.”
So, how does Elon protect against cybersecurity threats? After all, institutions of higher education remain one of the most targeted types of organizations when it comes to scams like phishing. “The biggest, best control is education of our workforce, students and all the folks who are on our campus.”
Director Sheehan also adds that maintaining your devices is crucial for both personal and organizational security. “If you drive a car, some people don’t take the responsibility of owning the vehicle, they just drive it. They might put gas in it, but do they ever get the oil changed, check the tires and make sure everything is working? As the owner of that vehicle, you need to be responsible. If you don’t know, get somebody who does know. Take it to a mechanic and make sure everything is current on it. To me, technology should be the same way… treat it as an appliance in your home.”
But it doesn’t stop at your laptop or desktop. “The cell phone is another thing. You think it’s not that big of a deal – ‘it’s a cell phone. If I lose it, oh well.’ But there is so much information and connectivity on that device – that is another area that people really need to understand is important. You need to keep your cell phone up-to-date like everything else and treat it like another major appliance.”
Protecting Your Data
One doesn’t have to look too hard to find examples of cyber-attacks on third-party organizations that have resulted in millions of people losing their data to hackers. Whether it’s financial institutions or retailers, these breaches have the potential to impact anybody who has provided them with their financial information in the past.
But that doesn’t mean you’re fully at the mercy of these large companies and their security holes. “There are tools out there that keep your passwords safe. We use a tool here called LastPass. And we make it free to everybody – students, staff and faculty. You can create different accounts and passwords for all your stuff. And you don’t necessarily have to remember them. So, if a third party does get breached, you’re not going to lose data from your other accounts.”
Phishing scams, where an identity thief will reach out to you in the guise of a professional or acquaintance with the intention of stealing your financial information or other sensitive data, are very common at institutions of higher education. “Phishing has become so easy nowadays,” says Director Sheehan. “There are even phishing kits out there. I could find one on Google right now that would allow me to phish and spoof in a matter of minutes without any previous knowledge.”
When it comes to preventing phishing scams, awareness is, again, a key preventive measure. “Our environment here at Elon is a trusting one. And that’s gotten us in trouble in the past. A direct report will get an email from their ‘superior,’ where the superior is asking them to buy $600 worth of gift cards and send them the numbers on the back. And they do that. They send it back to the person who sent the email and – before you know it – they’re gone.”
Staying Aware
Skepticism can make the difference between falling victim to a phishing scam and staying safe online. “Just because you got an email from Publisher’s Clearing House telling you that you’ve won a million dollars doesn’t mean if you click on the link that you’ll then get those ten million dollars.”
This is one of the reasons phishing is such a problem. It exploits something that many people have in abundance: curiosity. “It’s human nature to be inquisitive like that,” Sheehan says. And while curiosity might not kill in this case, it can certainly lead to an unfortunate loss of data.
Director Sheehan closes our interview out with some sobering facts about data loss. “Today’s scammers and phishers are smart enough to know not to use stolen information right away.” He goes on to explain that, in order to be untraceable, hackers often won’t use stolen information until several years after the initial hack. This makes a daily habit of staying cyber safe even more essential.
So, how can you learn more about staying safe online? Lucky for you, Director Sheehan has put together some helpful Moodle courses for faculty, staff and students that will walk you through some practical applications of cybersecurity. In the meantime, remember this parting wisdom from Director Sheehan: “Think before you click anything.”