OTTUMWA — Those working with technology weren’t the only ones concerned with cybersecurity. Educators from surrounding communities came to Great Prairie Area Education Agency on Thursday to learn about this broad topic.
Network Services Bureau Chief Ryan Mulhall from from Iowa Communications Network (ICN) said cybersecurity is a protection of systems and networks from digital attacks.
ICN Healthcare Account Consultant Dana Richardson works closely with technology and decided to come with the hope of gaining a grasp on cybersecurity.
“The challenge is the accuracy making and finding resources and mitigating threats,” Richardson said.
Indian Hills Chief Information Officer Cory Lamb wanted to learn more about protection methods.
“With an organization as diverse as ours,” Lamb said, “some challenges are obvious, basically we got everyone from students to faculty to administration and make sure we are protecting those folks and all their information and protecting each other.”
Mulhall said data breaches come from cyberattacks that allow criminals to gain unauthorized access to a system or network which allows them to steal confidential information.
“It’s happened all over Iowa,” Mulhall said. “It happened at a hospital in Eastern Iowa where patient information in an email account was accessed by a third party. There’s also 1.4 million patient records that were breached in phishing attacks.”
Muhall said there was once incident of breaching that happened at a school district. Attendees were shocked and one asked, “how do we get rid of breaching?”
Mulhall didn’t have a direct answer but told attendees to ask three questions. “One, what kind of data do I want to protect? Two, what laws and regulations do I have to follow and be compliant with? Three, who is responsible?”
Mulhall said there wasn’t a single answer. Everyone’s network or what they want in a network can vary. He did give one suggestion though on how to respond to breaching, something that could work for anyone.
“It’s happening to us,” Mulhall said. Use metrics and visuals,” he said. “Use a mean time to detect, mean time to respond and mean time to recover.”
“Mitigate the breach” was the common theme.
“You have to operate as if it’s inevitable,” Mulhall said, “if you haven’t been breached, odds are you’re gonna be. That plan in place and preparation is key.”
ICN Public Informations Officer Lori Larsen recommended people call law enforcement or the FBI immediately when a breach is found.
Mulhall also said cybersecurity is a continuous process.
“In 2016 the state time security plan was published,” he said, “and that’s when the ICN started to look at what we could do and the services we could offer. This time we invited more people to the fold and cities and counties to get their input and implement this more into action.”
Mulhall and Larsen were pleased with the session, especially since cybersecurity itself a broad topic.
“There’s a big push that it’s not just the technology department anymore,” Larsen said, “It’s all employees and everyone within the organization because anyone can click on a link and that could be the breach that happens. Everybody’s role should be security.”
“There is a thirst for that knowledge and networking and wanting to know their experience and where they go and what to do when something happens,” Mulhall said.