Indiana Cybersecurity Hub

PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives from the Campus”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, examines the circumstances surrounding some of the high profile cyberattacks that have occurred globally, and offers his perspective on the impact and what we can to help ourselves (and the companies we work for) to try and avoid being impacted by online fraud.

By David Dungan

Cybersecurity is a massive industry.

According to a recent report, the global cybersecurity market size was estimated at $245.62 billion (USD) in 2024 and it is projected to grow at a compound annual growth rate (CAGR) of 12.9 percent between now and 2030.

Amid all of this growth, there are a multitude of companies – here in Indiana, across the country, and globally -- that host their own cybersecurity programs. There are those who specialize in everything from incident response, intrusion detection and prevention, to monitoring and more.

With so many programs out there to help us with our cybersecurity behind the scenes, it’s easy to wonder how big companies even get hacked in the first place. After all, they have copious amounts of money with which to buy these security solutions. But perhaps, therein lies the problem.

As we’ve learned, large corporations are appealing to threat actors because they have large amounts of money and assets. Successfully executing a cyberattack on a large company can lead to the loss of critical data from clients, customers, employees, vendors, and associates. In 2024, according to the FBI’s Internet Crime Complaint Center, reported losses due to cybercrime in the United States reached a record $16.6 billion; that’s a 33 percent increase from the previous year. In the same report, it was noted that there were 859,532 complaints, with the most significant losses reported in cases involving investment fraud, particularly involving cryptocurrency – totaling more than $6.5 billion!

Therefore, despite the risks of trying to hack a large company, there are additional rewards that are very appealing to threat actors, including:

• Personal customer data, which may contain names, addresses, login information, payment information, or even social security numbers and/or someone’s date of birth.
• Access to other companies, especially if the initial hack impacted a well-known distributor or vendor.
• Free use of the companies’ own tools and public facing information, such as websites.
• Logs and private information that could be used to negatively impact the company or organization.

The most common hacks on large companies are credential theft or known vulnerability exploitation. Credential theft happens when a trusted individual within an organization has their credentials stolen by a threat actor, allowing the threat actor to take actions that require elevated privileges. Credential attacks can be disastrous and represent the reason why many high-level organizations are adamant about relying on the practice of using secure credentials that are regularly changed.

Known vulnerability exploitation is another risk to large companies. Hackers exploit known vulnerabilities by finding out what systems a company uses. From there, they invest their efforts in discovering what vulnerabilities that system has had in the past. Then, they test these vulnerabilities against the systems, seeing if the company has yet to patch them. Large companies, especially ones that have thousands of devices in use across their organization, are prone to these types of attacks; after all, it’s exceedingly difficult and expensive to ensure every single last device is properly protected.

Large companies may seem like the paragon of security. However, with so much to look after, it can and is difficult to fill every crack. The next time you see a crazy password requirement, or an expectation to use multi-factor authentication (MFA), you can think about the outcomes of a credential attack, and, perhaps, take it in stride and it'll be easier than you think. In fact, there's a few (relatively easy) steps you can take to help you avoid trouble.

After all, it’s the resources of this massive industry that works day (and night) to keep you and your company as well protected as it can be in today’s ever-changing threat environment!

Every May, for more than 60 years, we’ve celebrated Older Americans Month; it’s a time for all of us to honor the contributions by older adults to our society – in the past and present –while at the same time, we, collectively, come together to reaffirm our commitment to support them with our compassion and respect.

This year’s theme, Flip the Script on Aging, focuses on transforming how society perceives, talks about, and approaches aging. It encourages individuals and communities to challenge stereotypes and dispel misconceptions. As part of the celebration, we’re also invited to explore the many opportunities for staying active and engaged as we age and highlight the opportunities that come with aging.

With that in mind, one of the issues that we need to “flip the script on” is taking the steps to help older Americans avoid being the victim of online fraud and cyber scams.

In 2024, according to a report from the FBI, older Americans reported that nearly $4.9 billion was stolen from them through fraud, with the average loss coming in at $83.000. That’s an increase of 43 percent. What’s more, adults 60 and older submitted the most complaints of any age group (more than 147,000).

Here in Indiana, in the same report, senior citizens experienced the largest financial losses due to cybercrime in 2024, losing more than $37.2 million. The figure represents a substantial portion of the total $125.1 million in losses reported by Indiana residents due to internet crime in 2024. All told, there were 23,659 internet crime complaints last year.

It doesn’t stop there, as these figures represent just a fraction of the actual amount, for two reasons. Some victims who submit reports to the FBI’s Internet Crime Complaint Center at IC3.gov don’t include their age. Add to that, many victims are reluctant to come forward to report these crimes, either because they’re embarrassed or they believe that there’s no point due to the fact they believe their money is gone for good.

There are four categories, nationally, that account for the biggest financial losses on victims, 60 and older including:

• Investment scams totaled more than $1.8 billion.
• Tech support scams at $982 million.
• Confidence/romance scams : $389 million
• Business email compromise (where cybercriminals impersonate leaders of a company or an organization to get employees to send money or share data) at $385 million.

Fortunately, there are steps we can take every day, both in terms of following a range of best practices designed to keep us safe, and reminding ourselves to listen to the numerous trusted sources who are out there providing their expertise and guidance to help all of us gain an even greater measure of awareness for all things cyber.

Among the steps that the FBI recommends includes:

• Pause and take time to think – and talk to someone. The agency has a Take a Beat campaign, advising people to stop and think before responding to unsolicited communications, and certainly before sending money to a stranger. Most importantly, get a second opinion from someone you trust. Say, ‘Hey, does this make sense that someone would offer me a guaranteed 20 percent return on this investment?’”
• Practice good digital hygiene. Among other safe practices, don’t click on unsolicited links or respond to unsolicited calls or messages. To learn more, check out a great story from AARP Magazine on 15 ways to prevent fraud.
• Report fraud. Report these crimes to local law enforcement and the FBI through IC3.gov. “Reporting is one of the first and most important steps in fighting crime so law enforcement can use this information to combat a variety of frauds and scams. As with most agencies, they’re only as successful as the reports they receive.

Through the state of Indiana, there are also free resources that you can download by visiting the Indiana Cyber Hub website, including a page (and more FREE resources) devoted to helping you in the event that you need to report a cyber incident. If you think you’re a victim of identity theft, the page includes advice on the immediate steps you need to take, along with a full list of the resources that are available to help you!

At a time when cybercrimes have been all too frequent and more sophisticated than ever, it’s easy to feel – regardless of our age or where we’re at in our life – to think that we won’t allow ourselves to get tricked out of our personal or financial information.

Maybe that’s what we need to do to celebrate Older Americans Month, is to flip the switch on the cybercriminals by trusting our instincts, but, at the same time, being willing to show that it’s OK to adapt to today's technology, just as we’ve done with a lot of other things that are popular in the world we live in. You got this.

For all of the technology, logistics, and, yes, the threats – both cyber and kinetic – that surround our global supply chain, there’s nothing more vital, for all of us, than to focus on the protection of our critical infrastructure.

After all, it’s the things that keep us up at night – in terms of finding solutions – is why we’re able to work on making sure it runs smoothly during the day, regardless of which corner of the world you’re in.

And it doesn’t matter if the problem that it’s in front of you exists at a shipping port in Seattle, a water and wastewater treatment facility in a small Indiana town, or you’re a field engineer overseeing the construction of a bridge that links together the boroughs of Manhattan, Queens, and the Bronx, it’s one of the reasons why, today, we celebrate the importance of National Supply Chain Day!

Supply chain cyberattacks are surging, with one report indicating a 431 percent increase between 2021 and 2023. In fact, there are projections that suggest this trend will continue, with Gartner predicting that by 2025, 45 percent of organizations globally will have experienced such attacks. This is a significant increase from 2021, and experts estimate the global cost of software supply chain attacks could reach $60 billion by the end of the year.

As grim as some of that is, there are steps that can be taken to try and help mitigate the frequency and impact of these incidents.

Starting with the premise that any issue involving cybersecurity and the supply chain cannot be viewed strictly as an IT-only problem, it’s important to keep in mind, too, that cyber supply chain risks touch everything from sourcing, vendor management, supply chain continuity and quality, to transportation security and many other functions across the enterprise.

Because of that, it requires a coordinated effort to achieve the kind of outcomes we expect, as it relates to protecting the data that exists within our critical systems, but also to ensure that what we’re doing provides for the safety of the people whose livelihoods depend on it all running smoothly.

Published by the National Institute of Standards and Technology (NIST), there are three key principles for maintaining a high-level security within the supply chain, including:

• Develop your defenses based on the principle that your systems will be breached. When one starts from the premise that a breach is inevitable, it changes the decision matrix on the next steps. The question becomes not just how to prevent a breach, but how to mitigate an attacker’s ability to exploit the information they have accessed and how to recover from the breach.
• Cybersecurity is never just a technology problem, it’s a people, processes and knowledge problem. Breaches tend to be less about a technology failure and more about human error. IT security systems won’t secure critical information and intellectual property unless employees throughout the supply chain use secure cybersecurity practices.
• Security is Security. There should be no gap between physical and cybersecurity. Sometimes the bad guys exploit lapses in physical security in order to launch a cyberattack. By the same token, an attacker looking for ways into a physical location might exploit cyber vulnerabilities to get access.

As you take all of that into account, it’s no secret that the risks to the supply chain are as varied as they are sophisticated, including from:

• Third party service providers or vendors – from janitorial services to software engineering -- with physical or virtual access to information systems, software code, or IP.
• Poor information security practices by lower-tier suppliers.
• Compromised software or hardware purchased from suppliers.
• Software security vulnerabilities in supply chain management or supplier systems.
• Counterfeit hardware or hardware with embedded malware.
• Third party data storage or data aggregators.

There are many different ways for companies, as well as local government, utilities, and other organizations that comprise our critical infrastructure to improve upon their supply chain management while increasing their operational efficiencies. At the same time, strides are being made to manage their costs, even as they take steps to protect themselves against the likelihood of experiencing a cyber incident or having their data or systems compromised by a cyberattack.

What’s more, there is a great deal of free resources available from trusted sources, including the Cybersecurity Infrastructure and Security Agency (CISA) and the Defense Logistics Agency. And, for businesses that are looking to build on their supply chain management, there’s a recent report from Oracle highlighting the 15 best practices that businesses can follow to stay protected and, most of all, secure.  Here’s hoping this adds to the celebration!

PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name "Perspectives From the Campus Series”, we invite experts -- immersed in the pursuit of educating their students -- to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the Executive Director at the Center for Security Services and Cyber Defense at Anderson University, discusses the importance of the proactive role that cyber incident responders provide as it relates to keeping companies and organizations safe and secure when it comes to avoiding a cyber incident or falling prey to a cyberattack.  

By David Dungan

Cybersecurity is becoming more present in everyday life and business environments. Workers are dealing with new cybersecurity requirements every day - don’t click on links in your email, don’t use thumb drives, don’t breathe on the space bar, etc. But what happens when an employee makes that mistake? Accidentally clicking on a bad link, downloading a trojan virus - what steps does the organization take next? They call in the cyber incident responders.

Cyber incident response can be a difficult and high-stakes job. Cyber incident responders are in charge of making sure that the organization can be up and running, safely and securely, as soon as possible. Their job is to limit the impact of a cyber incident on an organization, often saving the company time, money, and resources. They do this through a number of steps before and after a cyberattack.

Before a cyberattack, companies and organizations are well advised to take several  precautionary measures, which can help hinder, or potentially stop, an event before it occurs in the first place. Among the steps you’ll want to initiate and follow include:

• Identifying network and device vulnerabilities specific to your organization’s operations.
• Prioritizing and instituting cybersecurity measures
• Consider monitoring your organization’s network traffic
• Developing policies and conducting training
• Developing a communications strategy

However, precautionary measures can’t always cover every situation; this is especially true when it comes to zero-day attacks. Once an event has occurred, incident responders often have to switch gears and dedicate time to:

• Tracking down the exploit via computer or firewall logs
• Fixing the exploit for all devices
• Returning devices back to operational capacity

So, how much money do incident response plans actually save? To measure this, IBM has their Cost of a Data Breach report, stating that companies that invested in cyber response were saving $1.7 million dollars per breach over companies that skipped it. Even if the incident has already happened, having proactive and reactive measures in place is vital for the company or organization to recover as smoothly as possible.

Of course, the precautionary measures that incident responders put in place are only as effective as the ability by everyone following through and implementing what’s been recommended. It comes down to doing the little things, or the basic steps we take every day, such as making sure you close your laptop whenever you get up, even if it’s just dropping off some paperwork next door.

And be sure, as always, to avoid opening any emails you find to be suspicious or clicking on any links that might be trying to take you – and your company’s critical data or its finances – to a scam from a would-be cybercriminal that could be from anywhere, even if that “anywhere” is halfway around the world.

In doing so, you’ll be better prepared and, for that, to borrow a line from the movie, “Ghostbusters” you’ll be able to answer the question of “Who you gonna call?” thanks to your cyber incident responders and the important role they play in keeping all of us cybersafe and secure!

April is Distracted Driving Awareness Month.

And whether you’re out for a drive, listening on the radio, or you’re at home watching TV or looking at something on your phone, there’s a good chance that you’ll see or hear a public service announcement with reminders to “just drive” and to focus on the road.

It’s good advice, considering that more than 3,000 people died and 400,000 people were injured last year due to accidents caused by a distracted driver. That’s an average of nine deaths every day.

What you might not realize is that in addition to the devastation that can (and does) result from someone trying to send a text, eat a sandwich, shave, or put on some makeup while they’re at the wheel, distracted driving can lead to someone being the victim of a cybercrime.

• The fact is, drivers distracted by their phones are more likely to be involved in accidents, which can lead to situations where their phones are compromised, and their personal information can be stolen.
• Additionally, cybercriminals can exploit the heightened stress and vulnerability of accident victims, potentially leading to phishing scams or identity theft.
• Some of the potential for a cybercrime can also stem from the confusion and delays that can occur as part of the insurance process.
  • For example, a fraudulent claim could be filed using stolen identities, making it difficult for the actual victim to get their claim processed.
• In the aftermath of an accident, there is a lot of property damage and that can extend to a phone or a mobile device, which could be lost, stolen or otherwise compromised.
  • The cybercriminals also could take advantage of the situation by contacting accident victims with false information, such as claims of needing emergency funds, in order to try and steal someone’s money by gaining access to their bank account and other sensitive information.

Likewise, if a driver is distracted while driving and is concerned that they are at fault for the accident, they may be slower to report it to the authorities or respond to emergency calls. They might try to avoid reporting it at all, or they leave the scene altogether. These types of delays can create opportunities for cybercriminals to exploit the situation, either by contacting the driver with fake offers of assistance or claiming to be an insurance adjuster.

While it’s true that, sometimes, there will be situations that you can’t avoid completely. Instead, it has to be managed. Keeping that in mind, there’s 10 ‘top’ tips that AAA recommends that all of us follow as a way to avoid distractions while driving that includes:

• Fully focus on driving. Do not let anything divert your attention, actively scan the road, use your mirrors and watch out for pedestrians and cyclists.
• Store loose gear, possessions and other distractions that could roll around in the car, so you do not feel tempted to reach for them on the floor or the seat.
• Make adjustments before you get underway. This includes adjusting your seat, mirrors and climate controls before hitting the road. Also, decide on your route and check traffic conditions ahead of time.
• Finish getting ready at home – instead of once you get on the road.
• Snack smart. If possible, eat meals or snacks before or after your trip, not while driving. On the road, avoid messy foods that can be difficult to manage.
• Secure children and pets before getting underway. If they need your attention, pull off the road safely to care for them. Reaching into the back seat can cause you to lose control of the vehicle.
• Put aside your cell phone. Never text, read email, play video games, or scroll on the internet or social media while driving. If you have passengers, let them be your co-pilot so you can focus safely on driving.
• If another activity demands your attention, instead of trying to attempt it while driving, pull off the road and stop your vehicle in a safe place. To avoid temptation, turn your phone off or store it somewhere you cannot reach it before heading out.
• As a general rule, if you cannot devote your full attention to driving because of some other activity, it’s a distraction and it’s a good idea to take care of it before or after your trip, not while behind the wheel.

The bottom line is, beginning with the moment we get in a car that we recognize that distracted driving can lead to a chain of events that not only can cause us physical harm (or what we refer to in the cyber world as a kinetic attack), but that there are also digital threats. By taking the time to just drive, we can help protect ourselves – along with everyone else – when we’re out on the road.

This week’s blog first appeared on the SANS Institute’s OUCH! Newsletter on March 1, 2025.

By Dhruti Mehta

Caught off Guard: Steve’s Story

Steve was at his desk when he received a frantic video call from his manager, Bela. She looked stressed in the video call, her voice hurried. “I need you to send the confidential client report to this new email right away!” she insisted. Seeing her familiar face and hearing her distinct voice, he didn’t hesitate, he sent the confidential report to the new email address.

Hours later, Bela walked into his office and asked about the report. Confused, Steve mentioned the video call. Bela’s expression turned to shock; she hadn’t called him. The person he saw on the video wasn’t Bela. It was a deepfake, created by a cybercriminal to trick him.

Steve couldn’t believe how real the fake call seemed. The face, the voice, everything matched his boss perfectly. He had fallen victim to a growing cyber threat where criminals use Artificial Intelligence (AI) to create highly convincing fakes.

What is a Deepfake?

AI can create images, audio, or videos that look real. These capabilities have many legitimate uses. For instance, marketing companies creating images for use in ad campaigns, movie companies de-aging certain actors, or teachers creating dynamic video lessons for their students.

A deepfake is when AI is used to create fake images, audio, or videos for the purpose to deceive others. The name deepfake combines “deep learning” (a type of AI) and “fake.”

Often the most damaging deepfakes are when cyber criminals create fake images, audio or video of people that you may know, doing things they actually never did.  For example, cyber attackers may create fake pictures of famous celebrities or politicians committing a crime and spread them as fake news. Or they may clone someone’s voice and use it in a call to deceive a victim’s family or colleagues. What makes deepfakes so dangerous is how easily cybercriminals can replicate anyone, doing anything, and make it appear real.

Three Types of Deepfakes

Image Deepfakes

As indicated in its definition, the images, often, are either photos of fake people created by AI (who don’t even exist) or photos of real people but showing them doing something they never did. Unfortunately, these fake images can be distributed very quickly and are often used for the purpose of damaging someone’s reputation or manipulating a person’s emotions.  Deepfake images are becoming increasingly common in social media when people, or even governments, are attempting to push out stories that are completely untrue, or they promote false narratives (often called fake news or it’s referred to as part of a disinformation campaign).

Audio Deepfakes (Voice Cloning)

These are fake recordings or phone calls using someone’s cloned voice.  Attackers can get recordings of people's voices from podcasts or sources, such as YouTube. From there, they use   those recordings to replicate their voice.  Once replicated, cyber attackers can then call anyone they want pretending to be that individual, such as posing to be a manager and calling an employee to ask for sensitive data or re-create a loved one’s voice in an emergency call asking for money.

Video Deepfakes

These are fake videos, in which a person’s voice and actions are manipulated or recreated.  Deepfake videos can consist of pre-recorded video, or they utilize live video to participate in an online conference call.  For example, cyber attackers could create a deepfake video of a CEO making an announcement with information that’s not true about their company. It can also be used in a political campaign to make it appear as though one of the candidates said something (in the video) that, in reality, they didn’t say.

How to Detect Deepfakes: Focus on Context

Do not try to detect deepfakes by only looking for technical mistakes.  Both AI and the cyber attackers, who use them, have become very sophisticated.  Instead focus on context.  Does the image, audio or video make sense?

• Trust Your Instincts: Does something feel “off” about the interaction? Is the request urgent or unexpected? Is the person behaving strangely, even if they look and sound normal? Is someone asking for confidential information or personal data they should not have access to?  If something doesn’t feel right, trust your gut and check your facts and the situation.
• Watch Out for Emotional Manipulation: Cyber attackers often create urgency or fear to try and make you act quickly. If a message or call makes you panic, take a breath and verify the true identity of the person you believe you’re in contact with.  The stronger the emotional pull, such as creating a strong sense of urgency or fear, the more likely it’s a potential attack.
• Verify Through Another Method: If you are concerned the person contacting you may be a deepfake, reach out to the individual using a different method.   For example, for video calls or messages that you are concerned about may be fake, contact the person directly via phone or email.  If you get a voice call asking for urgent action, hang up and call back using a trusted number.
• Establish a Code Word or Phrase: Agree upon a shared code word or phrase known only within a group, or perhaps your family, that can be used to authenticate an urgent communication. Another option is to ask a question that you are certain that only the actual individual could answer; one the criminal could not research or figure out simply by searching online.

PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives from the Campus”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, discusses some of the misconceptions about people who are neurodiverse and what we can do differently with regard to the career opportunities that exist for them to find success and contribute their skills in today’s cybersecurity workforce.  

By David Dungan

For all that’s been reported in news articles and other mediums that have put an otherwise positive spotlight on the topic, the opportunity of hiring people who are neurodiverse in the cybersecurity workforce has been impacted by several misconceptions. These misconceptions have made it difficult for these individuals who are neurodiverse to find their place in the field.

Neurodiversity is a term that describes individuals whose brains work differently; this term is usually used to describe people who’ve been diagnosed with certain medical conditions such as, but not limited to:

• ADHD (Attention Deficit Hyperactivity Disorder)
• Autism
• Down Syndrome
• Dyslexia
• Sensory Processing Disorders
• Social Anxiety

The first of these misconceptions is that neurotypical people are “better” to hire than individuals who are neurodiverse. Many articles cite the current shortage of cybersecurity workers as a reason to hire more neurodiverse individuals. While it’s true there is currently a shortage of people in the cybersecurity workforce and that people who are neurodiverse are underrepresented in the field, some articles seem to imply that if there was not a current workforce shortage, there wouldn’t be any need to hire people who are neurodiverse. The reality is that people who are neurodiverse are just as effective workers as those who aren't. The disproportionality is due, instead, to factors involved with the hiring process such as interviews, as well as discrimination faced in the field.

A better solution for overcoming these barriers is for employers to fundamentally change the way people are recruited through hiring practices that are more inclusive and providing tailored training programs, and utilizing adaptive management styles.

The next big misconception is the idea that people who are neurodiverse are so different from people who are neurotypical, that the most productive way to use them as employees is to have teams built up entirely of neurodiverse people. People who are neurodiverse often see the world and systems differently from people who are neurotypical, but this does not mean that they cannot work together with people who are neurotypical.

In fact, it has often been shown that environments that include both neurotypical and neurodiverse people can be more productive and effective. Having a diverse set of people also helps to ensure that all sides of a situation are considered, and essential perspectives are included to create even better outcomes. This can be an even greater benefit in the cybersecurity field, where problems often require an added measure of creativity to come up with solutions. Having only neurotypical people or only neurodiverse people on a team does not allow the kind of interchange of ideas that can happen in more diverse environments.

As for the last big misconception, people may think being neurodiverse is a kind of “superpower”. In reality, this stereotype can be harmful because it ultimately sets up people with neurodiversity for failure. The more people believe this misconception, the higher expectations are for people who are neurodiverse. People who are neurodiverse often find themselves in situations where they are given lots of responsibilities because they are seen as super competent and, as a result, they’re not provided the support they need in order to meet those expectations. When these expectations are not met or misunderstood, they are judged for not being good enough.

All three of these misconceptions can make it hard for people who are neurodiverse to find a place in the cybersecurity industry and contribute in a meaningful way to the lack of representation in the field.

As a recent article, posted on a website page by Indeed.com for employers, there are 10 steps employers can follow to support their neurodiverse employees, with the understanding that they also expect to be treated the same as their colleagues who are neurotypical. A story in the Wall Street Journal also offered five ways that neurodiverse employees can help drive innovation and performance, based on new research from Deloitte.

And isn’t that what we’re talking about? Creating a work environment, in which everyone deserves to have their needs, as well as the knowledge and experience they possess to be met with respect, one in which everyone is valued and supported and enables all employees to do their best work.

By Dhruti Mehta

The Problem: Gender Disparity in Cybersecurity

Women held 25 percent of cybersecurity jobs globally in 2022, up from 20 percent in 2019 and around 10 percent in 2013. Cybersecurity Ventures predicts that women will represent 30% of the global cybersecurity workforce by 2025, increasing to 35 percent by 2031. While progress is evident, the gender disparity in cybersecurity remains a pressing issue.

Why is this disparity still so prevalent? Challenges such as lack of confidence, imposter syndrome, limited support networks, and gender stereotypes hinder women’s advancement in the field. Without adequate representation, women are often denied leadership opportunities and lack access to mentors who can guide their growth.

The Role of Organizations

Organizations have a significant role to play in reducing the gender gap. Creating inclusive work environments that value diversity can greatly impact women’s career growth. Initiatives that offer mentorship, leadership training, and equitable career advancement opportunities can support women in achieving their professional goals.

Companies can foster inclusivity by:

• Establishing Mentorship Programs: Connecting experienced professionals with women entering the field.
• Promoting Leadership Opportunities: Ensuring fair consideration for promotions and executive roles.
• Offering Sponsorship: Advocating for women’s career growth through internal and external networks.
• Providing Skill-Building Resources: Supporting certifications, training, and continuous learning.

Indiana’s Contribution to Bridging the Gap

In Indiana, organizations and communities are making considerable strides to close the cybersecurity gender gap. Initiatives like Women in Tech Week and Fort Wayne Tech (founded by female leader Lindsay Lott), provide valuable opportunities for networking, learning, and mentorship. Through these platforms, women in cybersecurity can access resources that help them build confidence, enhance their skills, and grow into leadership roles.

The Women in Cybersecurity (WiCyS) Northern Indiana Affiliate is another significant initiative, offering mentorship, training, and leadership opportunities. This affiliate brings together a community of professionals committed to supporting women in cybersecurity.

Solutions: How to Support Gender Diversity in Cybersecurity

To help close the gap and promote inclusive growth, consider these actions:

• Join Communities: Connect with groups like WiCyS and Women's Society of Cyberjutsu.
• Advocate for Change: Support inclusive policies and encourage your workplace to promote diversity.
• Become a Mentor or Mentee: Engaging in mentorship opportunities can foster growth and create supportive professional networks.
• Stay Informed: Participate in initiatives like Women in Tech Week and support efforts to build a more diverse cybersecurity workforce.

Final Thoughts

While progress is being made, there is still much work to be done to achieve gender parity in cybersecurity. By fostering supportive environments, promoting inclusive policies, and encouraging women to pursue leadership roles, we can create a stronger, more diverse cybersecurity industry.

Together, we can bridge the gender gap and build a cybersecurity workforce that truly reflects the diversity of the world it protects.

For further information and resources, you are invited to check out these reports and perspectives:

• ISC2 Research Women in Cyber – Women’s Role in Filling the Workforce Gap
• A Place for Women in Cybersecurity

When it comes to a marketing a product or service, it's become popular for people to say it's about the "brand". This is especially true as to how it fits with the company's reputation or image.

Often times, it's a clever way to get us to buy whatever it is that the company is selling.

In a way, that's (kind of) how World Backup Day got started.

Celebrated annually on March 31^st, World Backup Day was first introduced - as World Backup Month - in 2005 by Maxtor, a company known for manufacturing hard drives. While it's not clear as to how long or just how effective their marketing campaign might've been, you can see what they were trying to do.

From there, it would be a few years later, in 2011, when the celebration of World Backup Day, you might say, became official after a student, Ismail Jadun - who was discussing backups on Reddit - jokingly created what is now recognized as, you guessed it, World Backup Day!

Putting aside its humorous origins, losing your files is something that happens way more frequently than you might think. And as we've come to discover, whether you're at work, at home, or at school, even a momentary interruption in protecting your data can have a profound impact in our daily life.

In fact, according to a recent survey, published in the Disaster Recovery Journal, found that 74 percent of Americans who own a computer have accidently deleted important data - that's an increase of nearly six percent from 2023 and 57 percent said they've experienced a security incident on their computer.

As concerning as that is, you can use the occasion of celebrating World Backup Day by implementing what is known as the "3-2-1 backup rule" that's defined as:

• Keeping three copies of your data: the original and two backups.
• Storing your backups on two different types of media, such as a cloud service and an external hard drive.
• Making sure to keep at least one copy of your critical data stored offsite, either at a different location or a different cloud service.

As you make sense of it all, the Cybersecurity and Infrastructure Security Agency (CISA) offers an informative guide that'll not only give you a sense of the problems that can occur from improperly storing your data, it provides several solutions on what you should do, in the way of recommended best practices, and why it's important to help you reduce the risk of experiencing any sort of permanent data loss.

What's more, CISA recommends that before setting up different types of encryption solutions, it offers several key steps to ensure that you don't disrupt the access you already have in place to protect your own data.

As with a lot of the things we should do, especially as it involves our technology, it can be tough, at times, to stay on top of all of the system and software updates that, seemingly, come through at all hours of the day and night on our laptops and mobile devices, including our cell phones. And, sometimes, that's true, even if we've scheduled a lot of that to go through at night, either when we're asleep at home, or after we've left work for the day.

The truth is, if we take the time to celebrate World Backup Day throughout the year and make it a part of our daily routine, we'll be able to say we did it "for the brand", keeping our good name, reputation, and our personal and financial data (and that of our company's) away from the reach of cybercriminals!

Successfully managing a small business is no easy task.

And try as you might, even when it seems as though you’ve turned a corner and your business is beginning to grow, one of the challenges that you know instinctively isn’t going away is your cybersecurity.

It’s understandable. At a time when the sophistication of a cyberattack is advancing as rapidly as the technologies we’ve come to rely on, it can be overwhelming

Because of that, you tell yourself that you’ll “get to it”, or you think that regardless of whatever it is you believe that the solution is, it costs too much, right? Or perhaps, you decide that you “don’t need anything” because your business is too small and that the cybercriminals won’t spend their time coming after you.

The fact is, we’ve reached a point in our society where it’s accurate to say that it’s no longer “if” we’re going to be hit with cyberattack or incident, but “when”. In 2024, fully 43 percent of all cyberattacks targeted small businesses and the total cost of cybercrime had surpassed $160 million.

Fortunately, if you’re one of the more than 534,000 small businesses in Indiana, there is help available – that’s free – that can help guide you when it comes to making sure that cybersecurity is a vital part of your business plan.

Around the country – including here in the Hoosier State – March 19^th is National Small Business Development Centers Day. Established in 2017, SBDC Day celebrates the power of small businesses and is dedicated to fostering local economic growth and help entrepreneurs launch, manage, and grow their businesses.

As part of that network, the Indiana Small Business Development Center is housed within the Indiana Economic Development Corporation and it helps small businesses start, grow, finance, innovate, and transition through no-cost, confidential business advising and training. Established in 1985, the Indiana SBDC has worked with more than 50,000 entrepreneurs and small business through its network of 10 regional offices located throughout the state.

When it comes to navigating all things cyber, the Indiana SBDC, in partnership with the Global Cyber Alliance, offers the GCA Cybersecurity Toolkit featuring a wealth of critical resources designed to protect a small business. Best of all, the free-to-download toolkit is intended to serve as a resource for small business owners as they improve their security. It allows you to select from a variety of tools that best fit you and your business’ needs, that includes:

• Know What You Have
• Update Your Defenses
• Beyond Simple Passwords
• Prevent Phishing and Malware
• Backup and Recovery
• Protect Your Email and Reputation

At times, opening and operating a small business can leave you feeling as though you’re a world-class sprinter, who’s focused on always making sure that whatever you’re doing is achieved with the utmost speed ahead of your competitors. Other times, protecting your company’s critical systems and customer data requires a more measured approach, not unlike the front runners you’d see at the Boston Marathon or the 500 Festival Mini-Marathon.

The reality is, it’s both a 100-yard dash – that requires being responsive without overreacting. At other times, practicing good cyber hygiene and utilizing the latest tools for managing your cybersecurity is a race that’s won through endurance and playing the long game with discipline and focus, so as to achieve the long-term goals of growing your small business!

If you own or operate a small business, be sure to visit the Indiana SBDC website to learn more about its resources and programs. In addition to its cybersecurity, there are programs involving agribusiness, as well as one that provides guidance for developing an export business plan, another for technical assistance, along with a manufacturing initiative.

PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives from the Campus”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, discusses the types of scams that cybercriminals will try and use when it comes to all of us buying tickets to some of the world’s biggest sporting events including the NCAA’s “March Madness” and the Indianapolis 500 and the steps we can take to make sure that we’re in the right seat for all the action!

By David Dungan

Even if you don’t consider yourself to be a fan of college basketball or a racing enthusiast, there’s no doubt about the fact that “March Madness” and the Indianapolis 500 are two of the most exciting sporting events in the world, creating every year, it seems, the kind of excitement that can make for long-lasting memories.

And whether you’ve been going to these games – or the race – for years, or maybe you decide this is the year you’re going to check out some of the action on the hardwood, or experience for yourself “The Greatest Spectacle in Racing”, you’ll want to be mindful of some of the online scams that are out there when it comes to buying a ticket.

According to a report that aired on “CBS Mornings”, Americans lost more than $2.3 million to online ticket scams in 2024, according to the FBI Internet Crime Complaint Center (IC3).

With “Selection Sunday” coming up this weekend and the “500” just a few weeks away, we’ve got some tips to help ensure that the tickets you are looking to purchase are legitimate and will get you through the gate.

Among the scams that are out there include:

• Fake Social Media Listings - Scammers will often post fake tickets on social media platforms, such as Craigslist and Facebook Marketplace. They pose as having digital tickets but after you pay, the posting disappears (along with your money).
• Fake Websites - Scammers will often create a fake website in order to mimic the legitimate website of a ticket vendor. At first glance, some of these sites might  appear to be similar, but there are two key things to look for in a secure website, beginning with the fact that a secure website will begin with “https” and it will also include the “Lock” icon that will appear in the window of your web browser.
• Counterfeit Tickets - Counterfeit tickets involve using a realistic PDF or AI-generated ticket that appears legitimate at first, but once the ticket is scanned at the venue, it is flagged as being fake or the barcode indicates that it’s already been used.
• “Too good to be true” prices - The average price of a March Madness first round ticket is around $100, according to Ticketmaster, with prices rising the further the tournament goes or depending on who’s playing. It’s a good idea to check multiple vendors to see if you are getting a good deal or if the price, as advertised, is simply too good to be true or appears to be deeply discounted.

The best way to avoid scams is to buy from the original source. The NCAA will sell tickets to every tournament game on their official website. The same goes for the Indianapolis 500, as the Indianapolis Motor Speedway will sell tickets to every event that is taking place at the Brickyard. In fact, if you're buying a physical ticket for the 500, it will (always) feature an image of last year's winner (Josef Newgarden) and the size of the ticket is almost the size of two table coasters, and it's printed on a thick ticket stock. If it's a digital ticket, it'll have a moveable graphic (with some motion to it). There are no "print-at-home" tickets, and a screenshot cannot be texted to you. Following safeguards, such as these, will help you avoid worrying about your tickets being invalid.

Another way is to use reputable platforms, such as StubHub, SeatGeek, or VividSeats. Using sites such as these will offer purchase protection, so you are guaranteed money back if there are any issues with your tickets.

If you want to learn more about some of the pitfalls that can come with buying tickets, as well as a few solutions designed to help you, be sure to check out an informative video produced by a threat intelligence firm, whose focus is on helping to prevent cybercrimes.

Indiana Attorney General Todd Rokita also routinely recommends that Hoosiers pay with a credit card in order to maximize their purchase protection. Additionally, you’ll want to fully understand what a ticket vendor’s policy is, with regard to a refund, exchange, or any kind of return before purchasing any tickets.

Without a doubt, thanks to all of the advances we’ve made in technology, it’s easier than ever to make an online purchase. The difference is, when it comes to having a seamless customer service experience, the reason for us to feel good about spending our money comes from the fact that the technology enables us to make a purchase that is safe and secure, from a reputable business, and that the website is legitimate; a satisfaction that provides us with some “piece of mind” that our personal and financial information isn’t going to be compromised.

And that’s just what we need (and should expect) as we get ready to cheer on our team as they take the court, or to be there in our seat at the race when it’s time to celebrate being “Back Home Again in Indiana”!

When it comes to the things we might experience during the month of March, it’s safe to say that we won’t be gathering at an Irish pub and enjoying a pint of Guinness or filling out a March Madness bracket in celebration of National Credit Education Month.

Of course, as fun as those things can be (right?), it wouldn’t be the kind of activities that you’d necessarily want to mix together; especially if you’re looking to brush up on your finance skills, or wanting to make sure your credit is well protected, so as to avoid being the victim of an online scam.

Created in 1989 by the National Foundation for Credit Counseling, the purpose of National Credit Education Month is actually worth celebrating as it’sintended to provide all of us with an opportunity to gain a greater understanding of the importance of credit and why having good credit is essential.

With that in mind, there’s plenty at stake when you consider:

• In the fourth quarter of 2024, the credit card debt in the United States reached an all-time high of $1.21 trillion, according to the Federal Reserve Bank of New York.
• Unsecured personal loan debt hit a record $249 billion in the third quarter of 2024, with the average outstanding balance peaking even higher by the fourth quarter to $11,829, according to the credit reporting agency TransUnion.
• It’s not getting any better for businesses, as the types of AI tools that bolstered scams in 2024 through deepfakes, image, document, and text generation and automation, will be applied to the creation and use of even more sophisticated synthetic identities in fraud schemes targeting government and private organizations at a higher rate.

The fact is, when it comes to inviting themselves to the party, cybercriminals will try and use a variety of financial scams to help themselves to your good credit, such as:

• Email is the most common form of a scam, followed by phone and text messages.
• And they target all of us – regardless of age, income or education level, gender or race.
• What’s more, while people often think older adults are more susceptible to scams, that isn’t always the case.
  • A recent survey by Bankrate found that while older generations, such as baby boomers and Generation Xers, are more likely to have experienced a scam, younger generations are more likely to suffer financial losses. More than half of Gen Zers, who encountered a scam in the past year lost money, followed by 45 percent of millennials, 32 percent of Gen Xers, and 26 percent of baby boomers.

Keep in mind, too, that just as planning a memorable party requires a lot of work, avoiding a financial scam requires some diligence to protect yourself and your loved ones. There are several helpful tips to follow including:

• Keep an eye on your credit score. If your credit score changes for no reason you can think of, it could be due to a hard pull instigated by someone trying to open an account in your name. Monitoring your credit score enables you to pick up fraudulent activity before it gets out of hand. Check your credit score for free.
• If you get a call from someone you do not know, don’t answer it.
• Do not share your personal information, especially with anyone who randomly emails or calls you, asking for it.
• Never click links in texts, emails or pop-up ads. If you are concerned, go to the organization’s website and contact them through their contact page.
• Monitor your bank account, online accounts and credit score regularly.
• Lock down your social media accounts to “Only Friends” and be careful who you accept as a friend. Scammers only need 15 seconds of your voice or photos from social media accounts to create deep fakes and attempt to extort you and/or your loved ones.

It’s no secret that business and work-related online scams also can take many forms. This is particularly true if you’re part of a small business. Among the resources that are out there, with good advice on avoiding these scams, can also be found on Business.com, and the FBI.

Here in Indiana, there are a lot of free resources to help you avoid being a victim of a scam or a cybercrime, such as identify theft, or what is known as a business email compromise. You can also visit the "Take Immediate Actions" page on the Indiana Cyber Hub website for help with everything from requesting a “credit freeze” through the Attorney General’s office to placing a fraud alert with any of the three credit bureaus.

As with a lot of things in life, it can be tough, at times, to do everything we can to keep our personal and financial information safe and protected. But, hey, now that you’ve had a chance to learn a little more about why March is National Credit Education Month, maybe there IS a reason to celebrate!

Indiana’s progression as a leader, among all states, in cybersecurity is continuing to rise, following the decision by Governor Mike Braun to sign an executive order to continue the work of the Indiana Executive Council on Cybersecurity (IECC), and the adoption of a detailed report highlighting the progress that’s been achieved over the past four years.

Soon after being sworn in as the Hoosier State’s 52^nd Chief Executive, Gov. Braun signed Executive Order 25-10 to continue the work of the Council that was formed in 2016 by Gov. Mike Pence, and continued in 2017 by Gov. Eric Holcomb. The order preserved the Council’s “first of its kind” strategic framework that is centered on a collaborative effort that brings together stakeholders from state and local government, private sector, military, research, and academics for the purpose of enhancing the state of Indiana’s cybersecurity while, at the same time, providing solutions, best practices, and resources necessary for preserving our state’s critical infrastructure.

Earlier this month, the IECC – under the leadership of the chair of the Council, Jennifer-Ruth Green, who serves as Public Safety Secretary and Executive Director of the Indiana Department of Homeland Security (IDHS) – conducted its first quarterly meeting of the year. Included on the agenda was the presentation of the State of Cyber Report 2021-2024.

Adopted unanimously by the IECC voting members, the 65-page report outlines the results of the 2021 Cybersecurity Strategic Plan, which included 80 identified deliverables and 151 objectives. All told, the Council completed 84 percent of its deliverables and nearly 80 percent of its objectives; a remarkable accomplishment given the fact there are more than 250 advisory members, all of whom serve as volunteers on the Council and its 15 committees and working groups.

Thanks to their contributions and the expertise and knowledge they provide, it represents a savings of millions of dollars annually for all Hoosiers. The second part of the report is a collection of other cybersecurity initiatives that were accomplished – outside of the IECC – throughout the state.

It also includes the history of the Council, as well as a timeline for some of the state’s notable accomplishments in cyber, including the:

• development of a strategy in 2009 by the Indiana Office of Technology that was considered ahead of its time, compared to other states.
• appointment of the state’s first cybersecurity program director in 2016.
• completion (also in 2016) of a uniquely-designed critical infrastructure tabletop and operational exercise – known as Crit-Ex.

In continuing the Council, it assures that the state will be able to keep its focus on supporting the programs that are used to provide protection against the type of cyber threats that, as expressed in the Executive Order, that “…pose personal, professional, and financial risks to the citizens of the state of Indiana and threaten the safety and economy of the state”.

What’s more, many of the resources that are free to download on the Indiana Cyber Hub website including toolkits that are free to download for everything from education and healthcare to cyber insurance, local government, emergency management, and privacy. Additionally, it’s important to keep in mind that many of the deliverables and objectives that were completed as part of the 2018 and 2021 strategic plans were developed at a period of time during which, as a society, we dealt with the impact of a global pandemic, and an unprecedented number of sophisticated cyberattacks in recorded human history.

To learn more about the IECC, visit the Executive Council page on the Indiana Cyber Hub website. While you’re there, you can subscribe to the weekly Cyber Hub Blog, featuring the perspective of cybersecurity experts as they discuss a variety of topics and the latest trends related to the world of cyber!

PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives from the Campus”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the executive director at the Center for Security Services and Cyber Defense at Anderson University, discusses the importance of creating and using strong passwords – including a look at some of the techniques that cybercriminals rely on – to help us all better understand what’s behind the ‘why’ and ‘how’ of a process that’s easier than you might think (or keep track of).

By David Dungan

One of your friends just invited you to use a new app for an online group chat. You download the app, boot it up, and you’re required to (quickly) set up an account.

In doing so, you create a password, but it doesn’t necessarily meet all of the requirements that it should; it needs a unique combination of numbers, capital letters, special characters, and what feels like 27 slaps of the keyboard to get through all of the instructions and the “free trial”. Of course, you manage to clear all of the hurdles and, soon after that, you’ve added it to an ever-growing list of passwords that, some days, are more than a bit of a challenge to manage.

Yet, as difficult as it can be, strong passwords exist to protect your accounts, as well as your personal and financial information. Having a strong password isn’t arbitrary, it keeps you and those closest to you secure. Fully 70 percent of weak passwords can be cracked in less than one second by hackers using simple brute force attacks. And, once they’re in, they’ll have access not only to your information, but any friends you’ve talked with on those chat apps or any connections you’ve made could be susceptible to malware like worms via your account.

So, how does one make a strong password? To figure that out, we need to look at what hackers use to break through weak passwords. Hackers will try and take advantage of the following weaknesses:

• Commonly used passwords – Be sure to stay away from “password123” or “Pa$$w0rd” or anything resembling a common word. Also, avoid using the name of the service in your password. Hackers may have programs that try these commonly used options first, making your password one of the weakest links in a brute-force attack.
• Short passwords - It’s a good idea to create and use passwords that are longer than eight characters. Hackers have brute-force algorithms that will try every single combination of characters. With each character you add, you significantly increase the number of combinations, making it harder to break through. It can certainly make a difference; a complex 12-character password takes 62 trillion times longer to crack than a six-character password.
• Bland passwords - Use more than just letters and numbers. Hackers can customize their brute-force algorithms to only use letters, or only use letters and numbers, etc. If you pull from letters, numbers, and special characters, hackers will have to try more possibilities.
• Repeated passwords - Avoid using the same password across multiple sites. If your social media platform gets compromised and hackers have access to that password, they will try it with your username across other platforms.

In addition to stronger passwords, consider using a password manager, as it can help by taking off the weight of memorizing all of your passwords while, at the same time, keeping that information secure.

You can also use multi-factor authentication (MFA), whenever possible, as it adds a layer of security that will help protect you.  MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the account, as well as your device, network, or database.

Using these tips will provide you with a greater peace of mind and whenever you’re online, it’ll provide you – and your friends, family and even your co-workers – an opportunity to experience more of the fun we’re supposed to have, especially when we’re on social media or catching up on the world around us!

If you’ve heard the phrase, “She said yes to the dress!”, chances are you’re a bride to-be, or you’re pretty involved in the wedding plans.

Or you just love to tune in to see the made-for-TV drama that comes from watching people (we don’t know) spend anywhere from around $4,500 (as an average) to as much as $70,000 for the dress. And mind you, that doesn’t include the alterations or the dresses for the bridesmaids! Maybe that explains why the Father of the Bride gets so excited leading up to the big day!

Of course, if you’re OK with finding a perfectly beautiful wedding dress (without the need to be on the show), the average cost in 2025 is between $1,500 to $2,500 and there are some ways to help you save some more on your dream dress.

Maybe that’s one of the reasons why the month of February is known as “National Weddings Month”.

It also explains why cybercriminals have gotten into the business of weddings to try and run scams that include everything from being a fake vendor (posing for almost anything – i.e., florist, cake designer, photographer or even the wedding planner) and offering up counterfeit dresses or weddings rings to trying to steal your gifts at the reception!

Fortunately, for most of us, we have members of our family and some close friends to help us to make sure that the wedding goes smoothly. The Better Business Bureau (BBB) and BitDefender.com offers some helpful tips on what you can do to protect yourself, including:

• Research and Reviews. Research vendors thoroughly before you commit to any service provider’s offer and check reviews on multiple platforms.
• Get Everything in Writing. Legitimate vendors will give you a contract detailing services, costs, and cancellation policies. Be sure to read it carefully to ensure that everything you’ve agreed to is included.
• Meet Vendors in Person. Meet the vendors you plan on hiring for your big day in person. Meeting people face-to-face allows you to check more closely for trustworthiness, ask questions, and check the degree of professionalism.
• Use Secure Payment Methods. Use credit cards for deposits and payments whenever possible so you can dispute fraudulent charges or services.
• Be Mindful of Your Social Media Presence. Couples planning their wedding day are highly vulnerable online, especially if they begin sharing sensitive information. Public announcements related to your leaving home, or even the country, for a honeymoon can put you at risk for a home invasion or theft.
• Report Scams. If you’ve come across any shady businesses or scammers, report them to the FTC, BBB, or police in your region. Here in Indiana, you can also visit the Report a Cyber Incident page on the Indiana Cyber Hub website with the steps you can take if you believe you’re a victim of identity theft.

With all of that in mind, weddings are a huge business, as evidenced by the fact that the average cost of a wedding in the U.S. is projected to exceed $30,000 in 2025. As those costs (continue to) rise, roughly 30 percent of couples expect to invest in wedding insurance to protect against unforeseen events. And as the use of technology grows, so, too, are couples opting to use drones for photography and live streaming services.

To be sure, saying “I do” is beginning to take on the magnitude of what we would see with a pay-per-view event, as some couples have even taken to “inviting” guests to their wedding – by charging them for the experience (as much as $450 for a ticket) to join in their special day.

Be safe out there, as we hope saying “yes to the dress” is just one of things you’ll find truly memorable on your special day.

With Valentine’s Day just over a week away, it’s easy to get swept up into the notion of wanting to experience some romance as a part of our everyday life.

And that’s true whether we’ve been married for years, in a relationship that’s just beginning to develop, or we’re single and looking for someone special. Maybe we get caught up in watching a movie on the Hallmark Channel or we decide to take some time to get away for a weekend. Or, perhaps, the woman or the man who’s reached out to us online is a bit more mysterious, in terms of the story they’re sharing with us. Regardless, it can be imaginative and intriguing, all at the same time.

And yet, as we’ve discovered, there is a reality to it all that can be (and is) heartbreaking in a way we can’t imagine.

Romance scams are much more than just the “risk” that comes with giving our heart to someone, especially when you consider:

• In 2024, a survey of U.S. online dating service users found that 53 percent of male online dating service users being a victim of a romance scams, while 47 percent of women who used such services reported the same.
• Scammers will use well-rehearsed scripts that have been used repeatedly and successfully. Some even keep journals on their victims to better understand how to manipulate and exploit them.

To learn more about how these scams can happen and some expert advice on what you can do to protect your heart and your bank account, be sure to check out this episode from the “Inside the FBI” podcast.

There are also some red flags you’ll want to watch out for, such as:

• Being asked to leave the dating website where you met to communicate solely through email or instant messaging.
• Receiving a photo that looks like a glamour shot out of a magazine.
• Meeting someone who tries to isolate you from friends and family.
• Always cancelling the plans that are made to visit you because of an emergency.
• Asking you to send money, share your personal and financial information, or provide them with items of value, or to launder money.
• Using stories of severe life circumstances, such as tragedies, deaths in the family, injuries to themselves, or other hardships to keep their victims concerned and involved.
• Claiming they have knowledge of cryptocurrency investments or trading opportunities that will result in substantial profits.

In trusting your heart (and your instincts), the FBI, along with the Indiana State Police recommends:

• Taking it slow and not being afraid to ask questions.
• If you suspect an online relationship is a scam, stop all contact immediately.
• Never send money to someone you met online and have not met in person.
• Never share your Social Security number or other personally identifiable information. (PII), such as your date of birth.
• Research the individual’s picture and profile using other online search tools.
• If you are planning to meet someone in person, proceed with caution, especially if you plan to travel to another state or a foreign country.
• Be careful what you post and make public online as scammers can use details shared on social media and dating sites to better understand and target you.

If you’re a victim of a cybercrime, you’ll want to contact a law enforcement agency right away, including the FBI – Internet Crime Complaint Center (IC3).

You can also contact the Indiana State Police’s Special Investigations Division, which is staffed with detectives who specialize in conducting cybercrime. Reports can be filed using the High Tech Crime Investigative Assistance Form or by calling: (260) 459-4884.

As is often the case with online crimes, romance scams impact not just the person who is the victim, but it also creates a devastating outcome for their families, who are drawn into the situation as they see someone who’s close to them, such as a parent, sibling, or an adult son or daughter, being victimized. If you suspect that a member of your family is a victim of a romance scam, you can contact the FBI, or you can report romance scams and financial abuse to the Indiana Attorney General’s office.

On a happier note, there are plenty of ways to meet someone safely, whether you’re online or in person. And for what it’s worth, finding what we believe is true romance might be encouraged by the fact that roughly six million people do get engaged on (you guessed it) Valentine’s Day! Here’s to all of us finding some romance that fills our heart without emptying our bank account!

As the headlines, news coverage, and even some of the talk show monologues continue to swirl around us – especially as it regards TikTok and, just this week, DeepSeek AI – it is fitting, perhaps, that it’s also Data Privacy Week.

Celebrated annually since 1981, this year’s theme is “Take Control of Your Data”; a sentiment that, given recent events, might be more than a little ironic and maybe (still) somewhat overwhelming. And that is true whether we’re talking about ourselves, or if you’re either a small business owner, or if you work as part of a non-profit organization.

After all, at its core, data privacy is important because it protects personal information, builds trust, and prevents harm. It also helps protect each of us from being a victim of identity theft and fraud by doing, just as the theme encourages us to do, to control our data.

Starting with our own online privacy, there are several steps we can take, according to the National Cybersecurity Alliance, even if we’re at home, that includes:

• Limiting the personal information you share on social media.
• Browsing in what is known as “private mode”.
• Using a different search engine.
• Considering the use of a VPN (virtual private network).
• Being careful where you click.
• Securing your mobile devices.
• Using quality antivirus software on all of your devices.

If you own a small business, data privacy is vital for protecting your customers’ and employees’ personal and financial information. In doing so, you’ll be able to maintain a positive reputation and comply with data protection laws, as well as minimize the risk of a costly data breach (keeping in mind that the average length of time for a company to identify and recover from a data breach is 279 days).

Even with these kinds of threats, being proactive with your data privacy can even provide your business with a competitive advantage by demonstrating a commitment to customer security, especially in an era where privacy concerns are growing. There are also other resources out there in the way of free advice that can be found in a podcast from reputable organizations such as the International Association of Privacy Professionals (IAPP).

For a non-profit organization, data privacy is crucial for a lot of the same reasons as it is for a business. Maintaining the trust and loyalty of its donors is the foundation, upon which its ability to successfully raise funds and receive donations is built. By protecting its data, these organizations retain their credibility, and it enables them – at every level – to follow through on their ethical responsibility to safeguard the identity of someone they collect data from.

Here in Indiana, there are free-to-download resources involving data privacy and cybersecurity that are specifically designed to benefit all Hoosiers.

• Indiana Privacy Toolkit – Compiled by the Indiana Executive Council on Cybersecurity's (IECC) Privacy Working Group, the information in the Toolkit is drawn from the Group's members' knowledge and expertise in privacy and cybersecurity as leaders from the public and private sectors.

The purpose of the online toolkit is intended to help organizations gain a better understand of how privacy “works” and why it’s important. It is meant to be a step-by-step guide, with information tailored specifically for (you guessed it) small businesses, nonprofits and local government. Think of it as your own, in-house privacy handbook, from which you can rely on to help you navigate through the myriad of challenges related to technology and cyber threats.

• PII Guidebook 2.0 – In addition to the Toolkit, the IECC Privacy Working Group updated its PII Guidebook 2.0 to help provide Indiana businesses, small and large, with a more in-depth understanding of what constitutes "PII" (including how it's defined) as part of our daily lives, and what to look for, when it comes to identifying the personal identifying information that requires a heightened degree of protection.
• Indiana Cybersecurity Scorecard – Developed by the State of Indiana and Purdue University, this 22-question online tool will provide you -- in less than 15 minutes -- with a score (and a report) of where your organization stands in terms of cybersecurity preparedness.

As we wrap up the month of January, it’s important for all of us to keep the celebration of Data Privacy Week going every day and throughout the year.

Because while it’s true that, on any given day, there will be news stories that capture our attention for a few days, maybe even a couple of weeks. From there, it’ll be something else that gets us to move on to other things happening in our world.

The difference is, unlike the news cycle, each of us has the ability to control our own personal data and we can do it in a way that allows us to experience it in a way that is meaningful and secure.

By Katrina Terry

Every day, it seems, more and more, we rely on technology and, for that matter, cybersecurity to guide us through our daily lives.  And most of the time, it leads us to what we would consider a benefit or, at the very least, a good outcome.

That being said, there is one issue that’s not only difficult to discuss, but it’s also one that’s occurring in the communities where we live, and it relies on the technique of exploiting technology to target its victims.

Human Trafficking is a crime that affects individuals across all demographics and children are particularly vulnerable. In fact, the International Labor Organization estimates that 40.3 million men, women and children are subjected to human trafficking per year; a figure that is based on research data and is estimated to be even higher. January is National Human Trafficking Prevention Month. And every year since 2010, the President of the United States has dedicated the month to raise awareness about human trafficking and to educate the public about how to identify and prevent this crime.

Traffickers exploit technology as their primary tool to manipulate, groom, and recruit victims. Social media, gaming platforms, and messaging apps are often used to target kids, no matter their race, economic background, or geographic location. Predators use these platforms to build trust with children, exploit their emotions, and lure them into dangerous situations. The very technology meant to connect and entertain can become a gateway to unimaginable harm when left unchecked.

As parents, you play a crucial role in protecting your children from these threats. Here are five essential tips to safeguard your kids.

1. Know their online world: Have access to all their accounts and passwords. Monitor their activity, friendships, and interactions to ensure they’re not engaging with strangers or suspicious profiles. Especially gaming chats!

2. Set Boundaries: Establish screen time limits to reduce excessive exposure to online platforms. Use parental controls to block inappropriate content and ensure they’re spending time on safe age-appropriate activities.

3. Communicate Openly: Let your children know they can come to you if something feels wrong, whether it happens online or in person. While technology is a significant tool for traffickers, many children are also approached in real life, at schools, parks, malls or even by peers who have been recruited or coerced by traffickers. These individuals may manipulate or threaten children to convince them to recruit others or participate in harmful activities.

Explain to your children how traffickers often use fake profiles on social media, gaming platforms, or other online spaces to gain their trust. These predators can be extremely patient, playing the “long game” by building a relationship over months or even years to groom their victims. Help your children to understand that even if someone seems friendly or trustworthy online, they may not be who they claim to be.

4. Create a safe space: As a parent, it’s critical to build trust with your children so they feel safe sharing their experiences without fear of judgement or punishment. Reinforce that your home is a secure and supportive environment where their voice will always be heard, no matter how uncomfortable or scary the situation might seem. Having open, honest conversations about these dangers and ensuring they feel valued and protected can be one of the most powerful ways to guard them against trafficking threats.

5. Stay informed: Educate yourself about the latest online trends and risks and teach your children how to navigate them safely.

By staying proactive and involved, parents can help shield their children from the dangers lurking online. Known as LION 195 Against Trafficking, Inc., we invite you to visit our website to learn more about protecting your family and to explore details about our Online Parent/Guardian - Cyber Child Safety Trainings and events aimed at countering human trafficking in Indiana and across the United States. Together, we can make a Louder Roar and create safer communities for everyone!

Whether you’re getting ready to graduate from college, or you’ve just about completed a certification that’s essential for the job that you’re applying for, there’s always one question that an employer will ask. And that is “what experience do you have?”.

At times, it can be frustrating.

Because, in that moment, it can seem as though that no matter how many co-ops or internships you’ve completed, what your grades look like, or the number of certifications you’ve earned, for some employers, it’s not enough for “what they’re looking for”, right?

The fact is, that question is not only being asked of those of you who are just starting out, it comes up (albeit for different reasons) with older candidates, too, whose experience sometimes will stretch across a decade or two.

What’s more, proving you possess whatever “it” is can be even more challenging in a career, such as cybersecurity, when you add in the requirements that are involved not just with background checks, but being granted a security clearance. No doubt about it, it’s tough.

In preparing for all of that (and whatever else comes our way), there’s something we can use to our benefit and that’s the advice and experiences we can gain by having good mentors. To celebrate, it’s fitting, perhaps, that January is National Mentoring Month.

At a time when it’s estimated that there are more than 20,000 job openings in cybersecurity in the Hoosier State, mentorships offer a variety of key benefits, everything from providing access to expert guidance and accelerating one’s skill development, to fostering a deeper understanding of a threat landscape that, as we all know, is changing (and advancing) rapidly.

What’s more, it can have practical advantages that would be true in any industry, such as real-world experiences, constructive feedback and enhancing someone’s problem-solving abilities. This is especially critical when you consider that not everyone who is pursuing a career in cyber is at a young age. Consider, too, the fact that the “mentor” providing advice and guidance IS the younger person – given their knowledge and experience with all sorts of technologies.

In other words, the opportunity for being a mentor goes both ways.

And the “benefit” can be as simple as a few words of advice (that you find yourself remembering and/or applying years later), or it’s as complex as the work that can be involved with penetration testing or cloud security.

Best of all, it can provide, for the mentor, a genuine sense of fulfillment that comes from contributing to the development of future industry leaders. For the person receiving the mentoring, they can “give back” by helping their mentors to stay current on emerging trends and the latest technologies.

Here in Indiana, cybersecurity and cyber governance are top priorities and there is great deal of free information available online about all things related to a cyber career, from sources as varied as the National Initiative for Cybersecurity Education (NICE) and RING (Regions Investing in the Next Generation), an online high school cybersecurity course.

By now, for most of us, we recognize the fact that cybersecurity is a ‘code’ that’s programmed into, seemingly, almost every aspect of our daily life.

Because of that, we can’t expect ourselves to always know the answer to whatever it is that we might be dealing with. All the more reason for all of us to have good mentors or to be that someone who makes a difference with others. Maybe, too, it’ll lead to a better answer to that question!