CBICC luncheon considers cybersecurity

Trailblazer International President Scott Johnson asked a room of 60 business people Thursday if they’d ever been hacked.

Not a hand was raised, but just about everyone cracked a smile and some probably thought ‘not a chance I’m saying yes.”

Johnson was one of two speakers at the Chamber of Business and Industry of Centre County’s Cyber Security luncheon at the Nittany Lion Inn to advise business leaders on strategies to keep their information safe. Pennsylvania State Employees Credit Union assistant vice president and chief information security officer Scott Davis also spoke at the event.

Johnson, who worked in the Secret Service for 25 years, changed his question.

“How many of you don’t know if you’ve been hacked?” he said.

And, sure enough, almost everyone raised their hand

“If you take anything away from this presentation, it’s that you have to be proactive with your data security,” Johnson said.

“One thing I try to do in training and teaching is to get people to understand this isn’t just an IT risk,” Davis added. “Every business decision has to have thought behind it and an understanding of all the risks associated with information security. It’s natural to think IT will cover it, but control structures in organizations are made up of people and processes, too, which are as important as IT.”

Davis said the most common mistake people make, both in their personal lives and with their businesses, is not taking cyber security risks seriously.

“A lot of people underestimate the risk, especially in their personal lives, that are out there, and they aren’t vigilant and not paying attention,” he said. “When you’re on the internet it doesn’t seem like it’s not safe, and the hackers are very good at hiding what they’re doing.”

Johnson said hackers will find weaknesses to breach data if you don’t protect it.

“People don’t consistently manage their information security,” Johnson added. “You have to stay on top of your updates, risk management policies and everything else going on in the world. You have to continuously pay attention, because hackers are continuously looking for vulnerabilities. The first thing we do when we look at a client’s system is find their vulnerabilities, and if our client isn’t up-to-date, boom, we’re in.”

Tips offered by Johnson and Davis included securing electronics with passwords and to periodically change passwords, using a variety of passwords, encrypting hard drives, limit personal information on social networks and using a separate computer specifically for financial and health information