By Aila Boyd
aboyd@ourvalley.org

B Bagby, assistant professor of information technology (IT) at Virginia Western Community College, served as the guest speaker during the Botetourt County Chamber of Commerce’s networking lunch last Tuesday at the Botetourt Family YMCA in Daleville.

B Bagby, a self-described “recovering IT manager,” is an assistant professor of information technology at Virginia Western Community College.
Photo by Aila Boyd

In his current role, Bagby heads the Virginia Western Community College Center for Cybersecurity and teaches programming, networking security, and the IT capstone course. Before joining the faculty at Virginia Western, Bagby spent nearly 20 years in IT support and management.

The topic of his presentation was “Cybersecurity: It’s going to be okay!”

I’m here to help stir conversation— meaningful conversation about what we do now as individuals, and as small and large businesses. And how to deal with the fallout of so much change and so much complexity,” Bagby said.

Bagby started off by noting that it’s oftentimes difficult to know who to talk to and to get straight answers from IT professionals.

More recently, he said, a shift has occurred surrounding cybersecurity thinking. Previously, cybersecurity was thought to be a fad, but now the discussion is centering more around the fact that people didn’t even realize that it was a problem.

High school and college students often don’t realize that sharing information online can pose a serious threat, Bagby said.

Their whole life has been shared. Their identity is a digital identity. They don’t realize what that means,” he said. “I think most of us who are already in business realize that this is something we need to think about.”

He then went through his top five “high level” tips.

Acceptance

The first tip was to accept that the online climate is never going to change and that the need for cybersecurity will persist.

He noted that the objective when it comes to cybersecurity at this point is not to make things better per se, but to at least be able to get a grip on the risks that arise out of Internet usage.

Understanding business risk

Next, he said, those in attendance needed to make it their business to understand their business risks. He used the example that someone wouldn’t build a house or business in the middle of a floodplain accidentally because most of the time people do their due diligence before committing to a project as extensive as a build. He explained that the built-in tendency to make assessments before building something should translate to cybersecurity.

If your business is on the Internet, you’ve kind of built in the middle of a river,” he said. “Just being there means that you’ve accepted risk. You need to be aware of that and realize what it means.”

He noted that when doing a risk assessment, the question of whether or not the risk that is being taken is meaningful.

Planning for risk

A disaster recovery plan, he explained, should be established for every business no matter the size. He noted that most people have a plan for whether to “grab the cat, kid, or photo album” if their house were to catch on fire— a similar plan should be devised for businesses.

He encouraged chamber members to start gaming out various scenarios and to at least formulate a barebones idea about what they would do if dealt an unfortunately setback.

Data, a valuable asset

Treat data as one of your most valuable assets,” he said.

Bagby noted that although most people don’t view email as a form of data, it is. To drive the point home, he asked how much he could learn about those in attendance and their businesses if he were to go through their email accounts.

Websites are also a treasure-trove of data, he explained. Because most companies like to have fully fleshed out websites that include company and employee information, it’s very easy for troublemakers to impersonate company officials.

He added that companies that hold membership lists on some sort of Internet accessible database have to be extremely careful because privacy laws apply.

You have to think about your data and treat it like an asset like you would anything else,” he said.

Education

The vast majority of challenges that have to do with data have occurred because of employees,” Bagby said.

He explained that employees frequently open emails that they shouldn’t read or click on links that they shouldn’t open or provide their login information in places that they shouldn’t.

If you don’t have some sort of training program for your employees or yourself, you probably should just because it’s always changing,” Bagby said. He added that studies have shown that even if the training isn’t extensive, simply stressing the importance of diligent Internet practices can make a big difference.

Other advice

One of the easiest ways to protect oneself, he said, is through the frequent changing of passwords. Previously six- to eight-character passwords were acceptable, but now passwords need to be at least 12 characters long in order to prevent hackers from easily gaining access to one’s account. Other advice that he gave pertaining to passwords included never use the same password for another site, never reuse a password, and to change passwords once every 90 days.

He also suggested utilizing a password manager such as Last Pass. Most password managers allow users to enter in all of their account information that they want managed and it will frequently change the passwords for the various accounts automatically. Instead of having to remember different passwords for every single email, banking, or retail account, users only have to remember their password for the password manager.

Lastly, Bagby urged those in attendance to consider obtaining some kind of data insurance. He explained that from an insurance perspective, there are two different types of breaches: personal and client. First party insurance will pay for the cost of a breach on individuals’ networks, whereas third party insurance will cover the cost of lawsuits when an information technology consultant is sued after a client’s data has been compromised.

Third party insurance can be good for businesses that deal with high quantities of data, he said. The insurance, he added, will assign the risk to someone else.

The boxed lunches were prepared by Nick of Thyme Bakery and Catering.

Inco-Check