October 26, 2022
Recently, we interviewed Amanda Tilley, Vice President and Information Security Manager at OceanFirst Bank about the importance of National Cybersecurity Awareness Month and here is what she said.
What does National Cybersecurity Awareness Month mean to you? Cybersecurity can seem daunting and while it can be complex, at a straightforward level it’s about taking steps to protect your data from unauthorized use and criminals. It’s an important concept that everyone should become comfortable with, especially as technology plays a stronger role in our lives. Every day we hear of new scams and malicious attempts to gain access to our personal information, and it can be overwhelming to keep up. Cybersecurity Awareness Month provides everyone an opportunity to learn from professionals in how to stay safe online. Along with other organizations and banks across the country, OceanFirst participates in Cybersecurity Awareness Month by providing our employees and customers with quick tips and recommendations for best cyber practices. Taking a few minutes to put these recommendations and behaviors into practice can save you and your data from future scams and criminals.
What are some common scams? Phishing, Smishing, Vishing – these are all forms of social engineering in which you receive malicious emails, texts, or phone calls attempting to get information from you. These messages and calls are often unexpected, pretend to be someone you know (or from a business you know), and play to your emotions, i.e., “Do this now!”, “your account has been hacked”, “I need your help”. These scams are trying to trick you into giving them money, account credentials/pins/passwords, or other personal information. Always slow down and look for red flags with these types of requests, most of the time it’s a bad actor trying to take advantage of you. Don’t click on links, open attachments, or reply to the sender. Also remember, your Bank – including OceanFirst – will never email, call, or text you for account information or requesting you to conduct account transactions #BanksNeverAskThat
What does effective cybersecurity look like to you? Cybersecurity is everyone’s responsibility. We all play a role in protecting our own information and other’s information from falling into the wrong hands. To me, effective cybersecurity means incorporating safe practices and behaviors into our daily lives. Especially being able to recognize social engineering attempts like phishing. Never click suspicious links and attachments, never share your passwords, and never provide personal information or money to an unknown/unconfirmed person.
Other behaviors include, not re-using passwords. Use a different complex password for each account. Complex passwords are at least 8 characters, alphanumeric, with special characters. Change your passwords, especially if your account is compromised. Check out haveibeenpwned.com to see if your email account or phone number is compromised.
In addition to a password, use two-factor authentication (2FA) or multi-factor authentication (MFA). This can be a One-Time-Passcode (OTP) sent to your phone or email when logging into an account or an MFA app like Microsoft Authenticator or Google Authenticator. An MFA app is considered more secure. Use 2FA or MFA for any accounts that offer it, especially banking and social media accounts.
What is an important tip that consumers should know? Implementing cybersecurity practices might seem time consuming, but it will protect your information and your bank account from bad actors. In short, always verify who is contacting you and do not click on suspicious links!
How did you get started in cybersecurity and how long have you been in the field? There is not always one straight path to cybersecurity, as many in the field will tell you. I graduated with a B.A. in Political Science and Communications and in 2013 wound up working at a Bank in the Accounting and Risk Management departments. This role afforded me opportunities to work closely with Information Technology and Information Security, which sparked my interest in the field. Over the years I continued to work with these departments as a Business Analyst and Project Manager. In 2019, I moved into my first role in Information Security as an Analyst focused on Governance, Risk, and Compliance. I continued learning on the job and by earning my master’s degree in Legal Studies with a concentration in Cybersecurity and Information Privacy Compliance from Drexel University’s Kline School of Law. I am now the Information Security Manager for GRC & Privacy, where I get to merge my love of law and policy with my experience in technology, security, and privacy.
What does your daily role look like at OceanFirst Bank? My team is responsible for the Information Security Program and subsequent policies at OceanFirst. We provide oversight for and monitor security controls throughout the organization, often times this means working hand-in-hand with different business lines to ensure appropriate security and privacy practices are followed, while allowing space for business innovation and reducing risk. We also conduct regular Information Security Awareness Training and Testing of our employees, perform risk assessments, and manage business continuity.
Favorite part about being an Information Security Manager? Easily, the InfoSec team. The Information Security Department at OceanFirst is composed of some of the smartest, funniest, and kindest people I know. They are hard working and never cease to amaze me.
What is one fun fact about you?I am quoted in a book! The book, Can. Trust. Will.: Hiring for the Human Element in the New Age of Cybersecurity, provides insight into cybersecurity as a field and is composed of recommendations and annecdotes from security professionals in various fields. It was authored by one of my professors at Drexel, Leeza Garber, ESQ., along with Scott Olsen, retired FBI. It is an interesting read and is a great reference for those looking to get into cybersecurity and those hiring in cybersecurity. Throughout the book I speak about the department at OceanFirst and what makes us collectively successful in protecting the Bank against cyberattacks. It was an amazing moment to see my last name in an Index! The book is available on Amazon for purchase.