AUGUSTA, Ga. (WJBF) – Since 2004, October has been declared Cyber Security Awareness Month. This year’s theme is “See Yourself In Cyber”. The idea is that even though cyber itself seems like such a daunting subject, it really comes down to the people who use it; so everyone is encouraged to take steps to stay safe online, talking to people in the community if you see yourself joining that workforce, and for business to be part of the solution.
Brad Means: We do wanna welcome from the Georgia Cyber Center, Joe Holloway. Joe is the director of Elite Training down there and a very busy gentleman and I appreciate you taking the time to be with us. Thanks for what you do.
Joe Holloway: Absolutely, thank you, Brad.
Brad Means: Help us understand a little bit more about what you do. I see the Georgia Cyber Center as a place where everybody can go, public and private sectors and learn all things cyber. Is that pretty accurate?
Joe Holloway: Yeah, that’s pretty accurate. So for the elite training division, our department, we focus on cyber security training, certification training, work role, or even customized security awareness training.
Brad Means: All right, I wanna ask you a bunch of questions and it’ll probably could take up the whole 30 minutes. So we have to be careful, but I wanna, for myself and for others, help us understand how the world of cyber works. Let’s start with our emails, okay?
Joe Holloway: Sure.
Brad Means: And why we should think twice before clicking on a link. This happened yesterday, something came, it looked completely legit, what’s it gonna do? Break our computer if we click on a bad link, walk us through that.
Joe Holloway: Yeah, so it could be used for any number of things, right? So I would say look out for specific urgency in emails. If an email is asking you to click something immediately right now, right? Sign up for this new iPad that we’re trying to give away. If you didn’t register for that iPad, of course, it’s not legitimate. So I would say look for urgency. Anything that’s tied to misspellings in an email. So misspellings are a dead giveaway as well. So most of the folks that you’ll see in these emails, if they get through a spam filter, they’re looking at these from our perspective, English is not their native language, so they may have some different dialect in there. Also, look at urgency from association, right? So they’re associating you with an HR personnel, right? So if they say, Hey, Karen’s got this particular information she needs right now, send it over to me. All of those things are definitely something to look out for.
Brad Means: Okay, so Joe, is it when we open the email or when we click on the link that the virus slips in?
Joe Holloway: So there’s different ways of that attack happening, but yes, definitely the clicking of the link is gonna be a dead giveaway. It usually is gonna lead you to another website, ask you to either divulge information or it could literally just download something as soon as you click it. And then essentially that is downloading a virus.
Brad Means: What about software updates? It seems like every week my device is saying that it’s time to do that. I’m scared that will make my battery die faster and make me have to go buy something new sooner. What about software updates?
Joe Holloway: Well, the alternative is better than not updating, right?
Brad Means: Yeah.
Joe Holloway: So you definitely want to maintain updates, know what type of devices you have, right? So the average household right now has about 22 devices. You’ve got ’em on your arm, you’ve got ’em in your pocket, you’ve got ’em stuck up in a corner inside of your room, right? So cameras, right? So everything needs to be some form of inventory, right? Know what you have so that you can secure it. With that, I would say make sure that the security patches are at least done on a monthly basis.
Brad Means: Okay.
Joe Holloway: Take out your cell phone, make sure that there’s no updates that are there if you can subscribe to automatic updates, right? Because usually the software has to run on something that’s up to date. Sometimes the apps won’t even work after a certain period of time.
Brad Means: What about password security? How important is that? Because it’s difficult with all those devices that you mentioned to remember all of our passwords.
Joe Holloway: Sure, so password security, if you think about any specific account that you have to log into, password is only half the battle. The beginning of course, is gonna be your email address usually, right?
Brad Means: Right.
Joe Holloway: So if I already know your email address or a phone number that’s associated with your account, that’s half the battle. Right now, I just have to know your password. The unfortunate thing is there’s not someone on the other side of the computer screen sitting there trying to type in your password and typing it in randomly, right? It’s usually a piece of software that’s running in the background is trying a bunch of iterations of the same or a big master list of passwords, right?
Brad Means: Let me stop you real quick.
Joe Holloway: Sure.
Brad Means: How come it gets to try several iterations and I get kicked out after three mistakes?
Joe Holloway: Yeah, well then good on whatever company that is. That is definitely a safeguard or a control mechanism in place.
Brad Means: Okay.
Joe Holloway: But not every website does that for you, right? So it just depends on that particular industry.
Brad Means: Why can’t I store, and you may have just pretty much answered this, my passwords in the notes section of my iPhone. Is it because someone could break into my phone?
Joe Holloway: Yeah, I would say so there’s devices that can literally just bypass the login screen of your iPhone. Oh, it’ll try a bunch of pin codes. So the most common pin code, because our human nature, we want the easiest route, right? So I don’t wanna make a 10 digit pin code for me to get into my phone every time.
Brad Means: Yeah.
Joe Holloway: I pick four, right? But the possibilities of four, there again, it’s not me trying four pin codes over and over and over again. It is literally a device you plug in that tries them randomly.
Brad Means: And I am learning a ton. I just wanna let you know that number one, let’s talk about multifactor authentication because sometimes it is a pain and I know it’s a good pain, when I’m trying to get to a site or an account and it says, yeah, you can come in after we text you and you tell you tell us the code we texted you. Do you support that?
Joe Holloway: Yes, absolutely. I would say outside of your password, of course the next level, it’s something that you know, is your password, something that you have is gonna be some form of authentication, right? You’re talking about MFA, multifactor authentication, sometimes also known as two FA, second factor authentication or two factor authentication. With that, we have a couple different options. You have Google Authenticator, there’s Microsoft Authenticator. Most of the banking organizations and credit card companies send you some type of text message, right? So that’s on by default, but it’s definitely something that you want to pay attention to. And if you watch the Georgia Cyber Center’s post for the cyber security awareness month, there should be links that are going out for whatever specific platform that you see it on. So you should see Twitter would have how to do MFA on Twitter. Facebook will have it on there as well.
Brad Means: Joe, do you like or trust hotel wifi? Because sometimes that’s so convenient. But one time I used it and then someone got on my Netflix account, how did they get into my laptop and take that?
Joe Holloway: Well, so not necessarily getting into your laptop per se. So think of open wifi as being a dangerous area, right? You’re trusting, you’re inherently trusting whatever that open wifi is. Now, do you know for sure that’s a legitimate access point, right? So those access points being given you the access to get on the internet, right?
Brad Means: Right.
Joe Holloway: I could set up the exact same thing, pretend to be the wifi for the hotel and then essentially sniff or look through all your traffic going to the internet.
Brad Means: Wow, so you could be in the room next door and it says Hilton wifi and I’m like, oh great, but you made that up.
Joe Holloway: Yes.
Brad Means: So how do you avoid that? Is there, do you pay the extra couple of bucks for the secure hotel wifi. Or can you bring a device and plug in your computer?
Joe Holloway: Or yeah, or pay the extra money for the hotspot on your phone.
Brad Means: Okay, the hotspot, that was my next question.
Joe Holloway: Yeah.
Brad Means: You trust that?
Joe Holloway: I would trust the hotspot on my phone over a hotel wifi.
Brad Means: No, that’s great information.
Joe Holloway: Yeah.
Brad Means: I didn’t know that, okay, good. So hotspot beats most everything else. What about national security threats? I don’t wanna overthink things here, but do you all teach anything or do any training where we can make sure that we’re safe at work, especially to keep national security threats from jumping on us?
Joe Holloway: So I know the Department of Homeland Security has an agency, the CSA, a critical infrastructure, they do a lot for the industry, right? So they have a website out this csa.gov. They have the ability to give you a lot of different information for organizational and also just for the end users or viewers at home. They can get a lot off there as well.
Brad Means: I probably have two more questions for you. One is, is Bitcoin good or bad or do we know yet?
Joe Holloway: I usually don’t delve into Bitcoin a whole lot. That’s just my personal preference.
Brad Means: Sure., okay, good. I won’t either then I’m follow you. I’ll follow your lead. And just my last question is, do we still have a ton of jobs available in the cyber field? It seems like at one point there were a hundred thousand openings out there. How’s it looking out?
Joe Holloway: Yeah, there’s a ton. So originally I would say whenever, I would say probably about a year ago, cyberseek.org, whenever I started learning a lot about cyberseek.org, they do a national average of what those open jobs are, right? And so a lot of folks think about cybersecurity, they think, oh, I want to get into cybersecurity. Well cybersecurity is kind of like the overarching umbrella. There’s so much spinoff that goes from that, with that, yes, to answer your question, there’s close to 700,000 open cybersecurity jobs.
Brad Means: It’s a great field to jump into it.
Joe Holloway: Yeah, absolutely.
Brad Means: Wow, Joe Holloway, Georgia Cyber Center, Director of Elite Training, thanks for what you do and thanks for helping me understand a ton of stuff about all things digital.
Joe Holloway: Yes, thank you for having me.
Brad Means: Absolutely.