Cybersecurity Expert Ryan Paal ’96 Shares Do’s and Don’ts for Protecting Personal Data

Like millions of other Americans, cybersecurity expert Ryan Paal ’96 has spent the last year working from home. Unlike most, though, he deeply understands the dangers of each stray click and fishy email. As a member of the JPMorgan Chase red team, Ryan leads simulated cyberattacks against the firm to identify security weaknesses – and on Thursday, he shared some digital do’s and don’ts with the Calvert community.
“We’re all working from home right now, and everyone’s asking the same question, ‘How do I stay safe?’ And there’s a lot of answers to that,” Ryan said. “Can you stay perfectly safe? The answer is no.”
However, he says, there are a number of ways to enhance your security profile and deter potential hackers.
During a virtual discussion with Calvert alumni, Ryan advised that the best thing anyone can do is update their accounts so that each one has a unique password that does not contain identifiable names or dates.
“Eight characters is not a secure password. A password that contains your anniversary, your wedding date, or your birthday is not a secure password, because that is all public information,” Ryan shared with alumni. “Given five or ten minutes, someone could find that information, so don’t put information in that could be public.”
Instead, he suggests creating longer passwords that include multi-word phrases and at least 12 characters, which makes them harder to crack. The real key is that each of these passwords has to correspond to one account or website. If they are repeated, Ryan warns, hackers can easily use one account’s password to access multiple others, exposing your personal data.
As an added layer of security, he also recommends using multi-factor authentication (MFA) – through a security token or other method – for every account. While many applications use text or email messaging for this process, Ryan suggests using an alternative method, as these are not secure means of communication.
To further reduce the risk of hacking, he also says that work and personal devices should be kept separate and used for only their intended purpose. Families with children should also ensure that parents use their own device – rather than a shared family computer – for work, as children may accidentally download harmful programs.
While there is no way to be perfectly safe from cyberattacks, these actions – as well as avoiding suspicious links, websites, and emails – can go a long way toward protecting personal data. According to Ryan, that is because hackers are highly opportunistic.
“Pretend you’re being chased by a bear, and you are surrounded by your friends. You don’t want your friends to get eaten, but you, more importantly, don’t want to get eaten,” he said during Thursday’s talk. “Just run faster and have a better security posture than they do.”
“They are going to look for the path of least resistance,” he added. “If they see five people and, out of the five of them, two are easy targets, those three are going to get spared.”
Prior to joining the red team at JPMorgan Chase in 2016, Ryan supported the IT needs of his family’s business, Rutland Beard Florist of Catonsville, and worked at a consulting practice serving federal agencies. For five years, he performed information security assessments for organizations including NASA, the Library of Congress, the U.S. Marines, the Nuclear Regulatory Commission, the Defense Logistics Agency, and the Election Assistance Commission.
Ryan holds a master’s degree in cybersecurity from the University of Maryland Baltimore County and holds the Certified Ethical Hacker (CEH) and Offensive Security Certified Professional (OSCP) certifications.