Pam Rosenau from MVTV gave a presentation to help educate the community about the growing threat of cyber crime. With people spending more and more time on social media, and using more and more electronic devices, cyber crime has been growing exponentially as potential opportunities expand. Half of all cyber crime is targeted towards small businesses. From 2015 to 2016, cyber crime increased 40%, to a global cost of an estimated $2 trillion, which means it surpassed drug trafficking as a criminal money maker.
Also on the rise is ransomware, which is when a hacker encrypts data on a device so the owner can't access it, then holds the data hostage for ransom, typically paid in cryptocurrency. From 2016-2017, ransomware attacks rose 167%. 64% of victims paid the ransoms.
Rosenau emphasized the importance of educating employees on email scams. She mentioned that tools and technology is making it harder to detect an infiltration. Attackers are in the system an average of 200 days before the actual attack, which is plenty of time to observe everything the user is doing and everything they have. This gives them ample material to figure out how to "press the right buttons" to get the victim to pay.
One variation covered was blackmail. Rosenau told a story about a husband who got an email saying if he didn't pay, the hacker would send snapshots of him using dating websites to his wife.
Another approach is called "phising," which has been around for decades, but still works. Phishing is basically sending a scam email to a huge list of people. Maybe 1/3 will open it. From there, maybe 12% click, and 10% of those people go and share the personal info the scammer is after. It may seem small, but apply it to a large enough list and it's not hard to see enough to make them want to continue.
Rosenau offered some specific recommendations for small businesses. The first is to accept that the threat is real, and it's not a matter of if, but when, they will have to deal with an attack. It's important to refine and restrict permission to network files, and frequently back up data off-line. The cloud back up can work but if the password is known it may not be safe. For accounting, don't allow the same person to intiate and approve wire transfers. Purchase domain names that are easily mistaken. Educate employees on email scams.
There was some debate during the presentation about the value of having a bitcoin wallet (it stores virtual currency.) Some participants speculated that even just having a wallet would make one a more appealing target.
Rosenau emphasized performing security reviews. The cost far outweighs the potential loss of data or money. Strong passwords are important. Google the list of most common passwords and then never use them - stuff like "password, 1234, qwerty, 111111, etc." She recommended the Bruce Schneier Method, using the first letters of sentence to form a password. "My dog likes to eat my red shoes" would be 'mdltemrs,' for example. It's also beneficial to mix capital and lowercase letters, and add numbers.
Social media is another common source of attack, the scammers may not even need to access the device itself. It's important to use the privacy settings, and be careful about what you share. She told a story about a grandma in Granite Falls who got a phone call. The person told her that her granddaughter had been in a car accident, and was texting and driving. They asked the grandma for bail money, or the granddaughter would go to jail. The grandma went to Wal-Mart and sent the money, then called her granddaughter. The granddaughter was in school and had no idea about the phone call or the accident.
There's plenty of steps you can take to protect yourself and your devices. Perform the software updates. Check URLs carefully, scammers often switch or misspell one letter, AdvocateTribune.com could be Advocate Trbune.com for example. Call the company directly instead of clicking email links, like if "there's a problem with your credit card." Anti-virus software is helpful. Backups, strong passwords, and a sense of paranoia can help prevent falling for the growing problem of cyber crime. It's not just big companies under attack. Take action towards prevention.