A day in the life of Cyber Security Specialist Dustin Erhardt
There are hackers among us. And one is a lot closer than you would ever guess.
Dustin Erhardt is a Certified Ethical Hacker, just one of the many certifications he earned to help him be more effective at his job as a cyber security specialist III at Basin Electric. “It helped me learn how to be on the offensive side of security by learning what hackers do,” he says. “Businesses are always on the defensive side, and this class helped me better understand what the bad guys do and how they do it. It was really interesting, but scary.”
Erhardt says the odds are in favor of those “bad guys” because security professionals have to find all the holes a hacker could use to get into the system, but the hacker just needs to find one hole. “We need to learn what to look for and help all the users know what to look for to avoid being hacked.”
With more than 2,300 employees at Basin Electric’s facilities and countless cyber criminals attempting to weasel their way into the network, it takes a team of 16 to keep Basin Electric and its valuable data secure.
“A lot of people want our data or access into our systems, whether it’s to obtain user data, credit card information for financial gain, or just to encrypt our files to be destructive,” Erhardt says. “They are constantly finding clever new ways to get around the roadblocks we put in place. We can install all kinds of security controls, but all it could take to circumvent everything we’ve done is for one user to click a link or open an attachment that shouldn’t be opened.”
Because security is everybody’s responsibility, Basin Electric’s Information Services and Telecommunications (IS&T) team has been focusing on keeping employees aware of potential threats, educating them about what to look for when they receive suspicious emails, and letting them know of the detrimental effects these things could have on the co-op if they’re opened.
Basin Electric has been hit pretty hard with its fair share of email and social engineering schemes. In the past six months, five significant events involved ransomware, a type of malware that can be covertly installed on a computer without a user’s knowledge or intention, encrypting files and demanding the user pay a ransom in order to get the key to restore the infected files. IS&T also sees daily occurrences of other types of malware.
Fortunately, because of successful backups, a cross-sectional team within IS&T has been able to restore the sometimes thousands of files without having to pay a ransom, “which could have been a significant amount of money,” Erhardt says, “our members’ money.”
Erhardt says the most challenging part of his job is finding a balance between security, usability, cost, and risk. “You can make a business super secure, but it would likely be hard for employees to use and probably be cost prohibitive. We need to have the best balance for our business and, ultimately, our members,” he says.
When asked about a typical day, Erhardt says there is no such thing when working in the cyber security field. “Some days it’s attending meetings, others it’s collecting data and evidence for audits, performing security audits, attending security training, or educating users. Every day is completely different – and that’s what I love most about my job,” he says.
Like technology, security is ever changing. Erhardt has been with Basin Electric for 11 years – almost consistently since college, working first as an information technology intern, then finding his true passion when he was hired as a security technician after graduating from college. He says back then, the focus was almost solely on building perimeter security, because computers were kept inside the facilities. “Today, with the advent of smart phones, apps that contain personal data, mobile computers, tablets, and cloud storage, the scope is so much broader,” he says. “It’s a never-ending challenge. You can’t get comfortable. You have to constantly keep learning."
Erhardt says cyber criminals don’t always need to do anything illegal or intrusive to get the information they need to tap into your home or office computer, bank account, online shopping account, or other private or secure site. The information they need is often highly accessible if they know where to look.
“There is so much information available online, and so much of it is public, making security a major challenge,” Erhardt says.
He says most online passwords require security questions in case users forget their passwords, but the answers to these questions can often be found by doing a little detective work. One of the most common password retrieval questions is, “What is your mother’s maiden name?” That information can often be found by searching obituaries, where close and extended family members are listed … with maiden names in parentheses. Another popular security question is, “What is your pet’s name?” An easy way to find that is to do a simple Facebook search. Almost all proud pet owners post the occasional picture or anecdote about their furry friends.
Businesses are not immune to cyber stalking, either. Hackers who want to get into a company’s network can search job postings, which list the programs the company is looking for experience in. Publications, documents, and presentations shared outside the business’ walls share a variety of information about the company, as well.
While it’s unnerving to realize how readily available this information is, it is also empowering. Knowing these tricks can help you step up your security defenses. Simple strategies such as creating more secure passwords, being cautious about what you click on, and limiting what you share online will make it harder for would-be criminals to make you or your business a victim.