By Jim Ostendorff
For The Bellingham Business Journal
Nearly three years ago, I started a cybersecurity program at Peoples Bank. The bank was looking to take its security measures to the next level, and I jumped at the chance to lead this effort — even though, I must admit, it was a daunting assignment at the time.
After nine years working as an IT support services manager, I knew firsthand that cybersecurity is a part of everything we do at Peoples Bank. Our IT department is well-versed in what is going on in the industry and keeps our systems patched and current.
That strong foundation helped me succeed from day one and continues to help me stay ahead in this ever-changing field. Here, in my opinion, are five important aspects for keeping your company — and customers — safe.
Make security relatable.
Cybersecurity isn’t always the most riveting topic. Yet it’s vital for cybersecurity experts to communicate effectively because we need all hands on deck to keep our systems safe.
Each month, I produce an entertaining, easily digestible employee newsletter.
I try to convey key points about security in a way that people can remember.
For example, I once compared Monarch and Viceroy butterflies to demonstrate how phishing emails work. These two creatures may look the same at first glance, but upon closer inspection, they are very different.
Likewise, it’s important that employees can distinguish between phishing and authentic emails based on clues such as requests for urgent action, unfamiliar links or small typos or grammatical errors.
When I get comments on my newsletter, it shows people are reading it and, most importantly, are learning how to keep our systems safe.
Find trusted sources of information.
Cybersecurity threats and vulnerabilities are constantly changing.
You practically need to be a cyber-detective to decipher which threats may affect you, and if need be, how to address them.
There are always tons of articles being written about cybersecurity, but I rely on a few trusted resources to help me stay informed and ahead of the curve.
Sources like www.knowbe4.com, www.ffiec.gov, www.krebsonsecurity.com and are especially useful.
Staying on top of cybersecurity isn’t always about reacting to a threat. It’s equally important to plan ahead for one.
Measures such as security patches, multi-factor authentication, and limited administrative privileges can help build your defense against security breaches.
It’s also a good idea to meet with your IT, legal, and communications teams regularly to have a cybersecurity plan in place and be ready to execute it if need be.
Test your assumptions.
There’s never time to be complacent.
When you think your systems are patched and updated, permissions are appropriate for your users, and everything seems to be in place, that’s a great time to see how secure and prepared you really are with a network scan and security assessment.
You can either run it on your own or hire a professional firm to conduct a vulnerability assessment and penetration scan. A vulnerability assessment tool that I recommend is Nessus Professional.
These kinds of products help you see how you’re doing and give you a chance to find and patch holes before the bad guys exploit them.
Maintain diligence on mobile devices.
One of the biggest cybersecurity mistakes involves having a false sense of security regarding mobile devices.
People may think, “my iPhone is unhackable so I can click on whatever I want.”
While mobile devices often have excellent security measures, the world of cybersecurity is ever-changing.
It’s important to remember that mobile devices expand your digital life, and therefore can raise risk factors.
Cybersecurity experts must continually focus on mobile security issues and anticipate potential vulnerabilities.
Addressing cybersecurity is a major responsibility for any organization. For me, the opportunity to protect our employees and the community we serve fuels my dedication and passion for this dynamic industry.
Jim Ostendorff is Vice President and Cybersecurity Officer at Peoples Bank and has nearly 20 years of experience in IT.