Cybersecurity expert Jeff Spann recently visited the Weatherford Rotary Club to share things everyone should know about online security and cybercrime.
Spann said that hacking is a business. In fact, profits from cybercrime totaled about $1.5 trillion in 2018, which would make it 13th in gross domestic product if it were a country.
And no one is immune to cybercrimes, including small businesses and rural citizens.
“How do they go after us? How to they find us?” Spann said. “They use automated tools scanning the Internet all the time.”
Anything connected to the Internet has an IP address. These devices are scanned to determine what device they are, what level of security it has and attacked.
“This is not some dude sitting in his momma’s basement hacking into things,” Spann said. “This is organized crime.”
One of the big things businesses need to prepare for is ransomware attacks. These attacks typically are deployed while exiting the network, meaning all of the company’s information has been breached. In fact, hackers spend an average of 40 days in the network before the ransomware is executed.
“If you’ve had a ransomware attack and wonder if your data has been stolen, the answer is yes,” Spann said. “The only way you can truly recover from a ransomware attack is with a good backup recovery.”
Planning for ransomware attacks is important to ensure businesses are able to function after an attack.
Offsite and offline data backups are important. An offline backup is necessary to ensure hackers are unable to reach it. Patch management, which is used to fix security vulnerabilities, is a must.
Planning to fail – having a backup plan for a backup plan and knowing who to call when things go wrong - will make things go smoother. Additionally, testing and training employees regularly is key to preventing future attacks.
Email compromise is another cybersecurity issue faced by both businesses and individuals.
“Do not open an email with a link or attachment unless you are 100 percent sure what it is,” Spann said.
Hackers can gain access to the executive or financial officers through email spoofing or phishing highvalue targets.
Email compromise can be used to gather data or convince someone to send money.
Vendors also can have their email compromised, which affects both the vendor and business they serve.
While big businesses offer high-value targets to hackers, individuals and small businesses also need to take security measures.
Keeping offline personal information secure is a must. The best way to do this is to keep paper documents in safe deposit box at a bank or use a fire-resistant safe box at home. Social security cards should not be carried by the person and any nonessential papers containing personal information should be shredded, including prescription bottle labels.
Online personal information can be kept secure by removing all personal information off of digital devices before disposal. Data should be encrypted before sending. Strong passwords unique to each website should be made and kept safe in a password management system.
Multifactor authentication should be turned on everywhere and personal information should not be given unless the contact was initiated by the person giving information.
Individuals also need to protect against identify theft. Social Security numbers and credit files should be frozen. This can be undone when the information is needs to be accesses and then refrozen once finished.
Identify theft monitoring services also can be helpful in this area.