On this episode, hosts Tara and Christy talk with Mitchell Christie. He is the Network Security Analyst for the City of Thomasville's Information Technology Department. Mitchell shares practical ways to help keep our electronic devices safe. Thanks for tuning in!
On this episode, hosts Tara and Christy talk with Mitchell Christie. He is the Network Security Analyst for the City of Thomasville's Information Technology Department. Mitchell shares practical ways to help keep our electronic devices safe. Thanks for tuning in!
Welcome to Thomasville Insights with the City of Thomasville. On the podcast, we'll talk to experts on everything from Thomasville history and events to daily operations and city business, all while having some fun in the process where your hosts, Tara Pearson and Christy Owens. Welcome to the Thomasville Insights with the City of Thomasville. We're off to a great start this year and it's really been exciting. And I don't know, it's a new year and we've already had a storm. Kristi. How did that go for you? I know, you know, we're so fortunate in Thomasville that lately we've seemed to kind of been dodging the bullet with a lot of these thunderstorms that have been headed our way. And our electric crews certainly earlier this month did a great job and getting our customers back on line and power restored. And like I said, we certainly dodged a bullet. We didn't have as much bad weather and high wind speeds as expected, but we did suffer some damage here. But like I said, our electric department always does a great job and so we were able to power through and keep our little community intact. Yeah, Thomasville is such a great community and it seems like everyone comes together and supports each other. And just to see how the community has been responding so positively to the outages, it's it's, it's amazing that it is. We're very fortunate. Here we are. So I'm Tara Pierson, public information officer for the city of Thomasville. And my co-host today is Christy Owens, director of marketing for the City of Thomasville. And I really am blown away at your expertise, Christy, in the marketing field. And I just think that there's so much more that we could do with that kind words. Tara, thank you. And you're a great addition to our department. To our department, and we're glad to have you. And I'm happy to be co-hosting with you today. And we have a wonderful guest here with us that we're excited to introduce to everyone. He's also a new part of our team at Team Thomasville. We have Mitchell Christie. He is the one of our network security analyst for the city of Thomasville, and he's been with us for a short time, about four months. Is that right? I believe so. Time is flying, Yeah, we're we're happy to have you and we have a great topic today that we're going to be talking about cybersecurity and ways to sort of keep yourself safe. Many people may have received a laptop or new cell phone or some sort of device over the holiday. So we thought this was a great opportunity to bring Mitchell in and maybe give some wonderful tips to us to help us keep safe and working on all those devices at our homes and businesses. Right. So if you're someone like me, Mitchell, I mean, the tech world or take terminology or lingo, that's something that kind of flies over my head. So let's start off what is cyber security? How can we stay cyber safe? So I feel like with every industry that you could get in, there's always going to be lingo and things that just kind of go over your head and you're like, What does that mean? And people using acronyms, three letter acronyms for you, like, But with the tech industry, it's similar. Yeah. Once you kind of catch onto the grasp of things, you start saying, a lot of this makes sense. You know, what I heard two months ago? Makes perfect sense now where it was a foreign language before. And so to answer your question, what is cybersecurity? I think that when you look at everything in life, there's a duality to it. So you have criminals, good guys, bad guys, you have protagonists, antagonists in books and in the virtual world or the metaverse or cyberspace, whatever you want to call that place in that world is the same thing. We have cybersecurity professionals like myself, and on the flipside, you have cyber criminals. And so cyber criminals are constantly trying to gain an advantage over users of the cyber space, whether that's social engineering or I'm trying to get your information and gain trust with you so that I can gain access to your information or things that you may have, or I'm trying to get into your company and then hold your company for ransom. All of these tactics are things are what make cyber criminals, criminals. And to have that checks and balances, you have to have professionals in the field who are constantly trying to get ahead of the criminals, constantly try to understand what they're doing in order to safeguard the space from them. For regular users, for people like yourself, who I don't want to know all this technology terminology, I just want to know can I get on the Internet and safely go to Facebook or can I get on the Internet and safely do these things? So cyber security is that practice of continuously trying to safeguard the metaverse or cyberspace, the virtual world against criminals and make it safe so that everybody can just enjoy the Internet for kind of what it was intended for? Yeah, you may have sort of answered the next question I was going to ask you, but, you know, why is it important for us to sort of be aware that there are these threats out there? Are these bad guys out there that are really just trying to take over and get your information off your cell phone or your computer or whatever. So why is it really important for us to be aware? I guess so you can protect that information, right? So if you don't know somebody is chasing you, you don't know to run. Right? Right. You don't know too hide It's important person, it's important for you to have some type of knowledge of what's going on. How are these criminals constantly gaining access or hacking people's phones? Like you say, hacking their computers? I need to know these things so I know what to look out for. And when it comes to knowing there is thousands of resources out there that will kind of keep you up to date, i like to tell people find a i.t friend. You just can and just kind of ask, hey, so that's going on in your field today, you know, And that way you can, you know, somebody can put it in terms of where you are or tell you what to look out for. And like I say, it's really important to know what to look out for so that you know how to navigate those spaces. So you've already given us a best practice, which is fine to achieve, right? Which I'm thankful working at the city atmosphere. I know a few of them, but a lot of it. Right. But if I did it work in a place or went to school in a place, I really associated myself with that or anyone that's listening to us. What are some more best practices that they can implement or what have we done at the city to safeguard our our cyberspace and our assets with the city and our citizens assets? What can they implement at home? So with the city and it is having you're dealing with a bigger business or it's an entity, you have a lot of things in place to keep the entire city safe. You think about it, there's probably about four or 500 employees who are either on the network, on a computer or on a laptop. All of these people have to have some type of protection going on. So there is firewalls, there's different things in place on a smaller scale for individuals. I always recommend when you get a new computer installing those antivirus software is like magazine or in different things like that, making sure that routinely or, you know, once a year or so, you're running a malware scan from like malware bytes or these sites that will allow you to download something so that you can scan to find, you know, bad things that you may have accidentally downloaded or, you know, your kid may have downloaded trying to get something else. All of those things can help. But again, the cyber criminals, cyber criminals are always working outside of having a cyber security friend or installing certain softwares. There has to be some type of practices in place, best practices for you to say, you know, how can I make sure I navigate this space safely while two factor authentication on your devices and your sign in? So a lot of people like to say, Well, I don't like two factor authentication because it takes forever and you know, I don't want to do that extra step of 30 seconds just to log into my computer or to my Amazon account. With that being said, I always tell people when you go home, you have to put your key in two locks. You have a top lock in a bottom lock. If you know the bottom lock was so secure and it was the easiest way, then you you wouldn't have a top lock. Would you have that top locked as an extra layer of security? And that's kind of what two factor authentication is. It's yes, you have the information or the log in the username and password. But let me make sure that this is you with this information and not somebody else with this information. So I always push for two factor authentication on devices, on emails and things like that, just as that extra layer of security, just in case your information is compromised. And then secondly, I think that learning how to inspect a email is very important validity of emails is one of the or posing as a trusted source when sending an email is one of cybercriminals. Biggest. You know, I want to say moneymaker. Yeah, way in. But say one of their biggest attacks, social engineering in general, which is where I'm trying to gain your trust in gather information so that I can then later do you know things that are going to not physically harm you, but are going to harm your bank account or going to harm your your your computer are going to harm your information. So I always say check and double check who this email is coming from. Make sure that you are expecting this email from this person. If you are not and you think everything looks okay, but they sent you something random, call them and just make sure, Hey, did you see me this? Because a lot of times we are one click away from going down that rabbit hole of disaster where you know, you think that so-and-so at Thomasville dot org sent you something, but instead of the A in Thomas is an O, and now the person sending it to you as click, you click on a link or an attachment and now it's downloading, you know, all type of spyware, malware, all type of things on your computer. And now you're in that position to where what do I do now? So simple things people can look for. Misspellings in the emails. That's probably a key thing that's normally that's probably not a legitimate email. Right. And so I know within the city of Thomasville recently, that was something that was a cybersecurity week or something that we were celebrating. And so the city was trying to educate our employees about, hey, you need to start, you know, being more aware of these email threats that are coming through. So there were a series of emails that were sent out amongst our staff to try to basically, you know, get us to get people to click on these links and then say, hey, did you realize this was not a legitimate email? And they were you know, people try to get sneaky. There were some emails that came and looked like they were from our city manager or h.r. Director. So you think, of course, you see their name pop up and you think, okay, this this is the real deal, right? Let me go ahead and click on this link. And surprise, surprise, those were not legitimate. You know, So we get tricked, too, and we're around. We have staff, you know, with us that are constantly training us and we think we know what to look for. But, you know, again, during this this testing that you guys did with all of us, we certainly realized that, hey, our staff needs to be educated, too. So so going back quickly to something that you said, you mentioned anti-virus software is is a key thing that people can do. Is there a good one that you recommend that's free? Because I know sometimes if you're buying a new computer, you may have some software on there that you may get a trial that's three months and after that you have to pay for. But I know there are some free software programs out there that are good that you can download. So is there one that you would recommend? I always would say just go, you know, the big three, I think nor any McAfee I know are at the top of that list or somewhere close to the top of that list. A lot of times, any time you're getting something for free, there's going to be drawbacks and there's going to be pluses and minuses. But as a, you know, just the individual user, it's your home computer. I think those two will probably get the trick done. Yeah, but again, like I say, there's that that landscape of cyber as a cyber criminals is always working. They're always trying to figure out, okay, they've locked door number one, how can I either get around that lock or is there door number two? Is there a door. Yeah. Three. So like I say, get it for an. Stay up to date on what's going on so that, you know, like, the software that I do have is either out of date or needs to be updated or I should change and get something different. So I would say start with those two and then kind of find out if those will work for you. Maybe they will for what you going to do if you're just kind of scrolling and using the internet for like casual things, then I think those two would definitely do all that you need. But if you have more, if you're a person who's always on the computer, always working, always having to download something and communicate, you might want to, you know, get something a little strong or actually pay for the Norton or the McAfee, the maybe the upgrade. Right. So it is all about the usage that you have and then what you are doing online. Like everybody's not doing the same thing. Right. What about going back again to you mentioned the two factor authentication. What how would someone go about setting that up like on their cell phone? Is that port? Is that per app that you use? Is that just something you set up and it covers any apps on your phone? How would you go about setting that up? Because I'm sure a lot of people don't know how to do that, Right. So on your phone, it's very easy. It's in most of us already have it. You have a facial recognition scan and then if it can't recognize your face as you to put in a passcode, or you can always put in the passcode and you can bypass the face. So that in a sense, is already a two factor to get in your phone. But then by app, there can be there's a setting to where you can put to factor all the important things like if I'm signing in to my Instagram and I haven't signed into my Instagram on this account before, it almost always says, Hey, we just or, you know, send your email to say there's a new sign in from this device. Or I know what always happens with your iCloud. You sign into iCloud when a new device is going to send you that email to say, Is this you? So that's one side of two factor to go a little deeper. If you go to your email, let's say you use Gmail or Outlook, you can go to those settings and turn on two factor authentication within the settings. And sometimes there has it has different versions too. We're always going to ask for an email or to text you a code, right? And different things like that. So within almost all apps, if they offer two factor authentication that it's as simple as going to your settings and enabling it and then setting it up, okay, That makes sense. And you know what? So I think we've gained a lot of information today. The only thing that I wanted to ask is at the city we had our phishing simulations that Chrissy was just referring to. Are those resources available to individuals for free or other organizations to help educate them on how to inspect an email and what to look for? Because if you only do something once a year, I'll have to pull out the instructions next year. Right. So is there something that people can easily get to free, accessible and they can be taught how to do? As far as the. So the phishing campaign was a big thing in in the city. I think it was the first time it was done on that scale, but it was done like that because phishing is the number one of the number one ways that, you know, hackers gain information. It's easy to pose as a threat. I know Kristy said that you get an email and it has the city manager's name on it. Well, you got to understand that person who's in that email knows that that's your manager. They've done some type of research, they've gained some type of access or information. They know, Hey, if I send an email to Christy with the name of her manager on there, she's probably not going to inspect the actual images or see where it came from. And in those instances, again, it goes back to looking through her email before you start clicking or following directions in the email. As far as there being tools to do simulations the way we did, I'm not sure there are tools for just individuals, but I know that I tell you always have YouTube University. Go to YouTube University. There are countless in countless videos that will teach you how to effect heavily inspector email, what to look out for and the like. I say, staying in touch with those i.t friends or getting on some of these cybersecurity forums that are free. We have some from the government, we have some from the top. Most of the top security firms. They have some type of form where you can just go read what other professionals are talking about. All of these things gathering information and just kind of staying in the know will help you with knowing what to look out for. And you know, because I know we talked about is the holidays and people are go and they're coming from the holidays where hackers know that. So if I know that, it's almost Christmas time, Tara is going to be on Amazon ordering gifts. I'll say her email from a Amazon is bill.com. You know, have her say, your package is going to arrive late, click here to get urgent shipping. Or is that something that Amazon would say you're more likely to click on that without superspeed and then is going to ask for your logging and it looks like the Amazon account. So you put your log in, but it won't let you log in. And really what's happened is you giving that person access to know what you're logging in as they watch you type your password and they watch you type your address. Right. So we can go to YouTube. If there's are if there isn't someone at your place of employment or anywhere else that's teaching you how to inspect an email. So you can quickly do that free of charge, of course, and social media. And you've learned something on how to keep yourself safe in your kids. I know my children are on the PlayStation, so I'm worried about what they're downloading. But now I know I can actually invite them in on learning how to watch out for things while they're on the worldwide Internet. Right. Mitchell, thank you so much for joining us today. I don't know about you, but when I dive into things that I'm not knowledgeable of or knowledgeable of, I get like a little nerd and I just want to. But other than that, if you keep that inner nerd going, I promise that you'll probably be perfectly okay. Because again, it all comes back to the knowledge that you have certain things, knowing what to look for, knowing somewhat of what their tactics are, and then you can, you know, kind of navigate this space safely. Yeah, I guess some of that just to recap some of the key takeaways, you know, make sure you have that antivirus software installed. Absolutely. On your computer, set up that two factor authentication. If you're able to do that on whatever apps you're using or even just to, you know, open up your cell phone, you know, don't disable that where it's asking you for the face recognition or the password or whatever. Keep those things enabled on your devices and really kind of don't be lazy when you're, you know, looking at your emails if you're in a hurry and or if your inbox is full and you're just trying to look for things and clear them out of your inbox, you know, make sure that you're paying attention to misspelled words and links and things that you might find in those emails so that you're not possibly downloading something that can be a detriment to the personal information on your device. So like Tara said, we appreciate you being here. We appreciate the tips that you provided. And Tara, I'm sure there's some other announcements going on with the city. So you want to share with us anything that might be coming up. Yeah. So we have a let's discuss session with our citizens is open free to the public Tuesday, January 23rd. That will be from five thirty to six thirty at our Thomas County Public Library on North Madison Street. So come out. It's been cold lately. We've experienced the storm. So I know people want to learn ways on how to save on your utility bill so we can put that money stories. Other things, especially after the holidays. And lastly, we'll be celebrating Black History Month with our parade and celebration downtown on Saturday, February the third. Yeah, So we appreciate everyone again, join us and listening into our show today and certainly want to thank Mitchell again for being our guest today. And if you enjoyed what you listen to today, we encourage you to subscribe to our podcast on your favorite listening app so you don't miss an episode. Thanks, everyone, and we'll hope you join us next time. You've been listening to Thomasville Insights with the City of Thomasville. The show is produced by the City of Thomasville Marketing Department. The show's music is by Pond five dot com. To learn more about the City of Thomasville, visit Thomasville dot org or follow us on social media. Don't forget to subscribe to the podcast on your favorite listening app so you don't miss an episode. Thanks for listening.