Hackers target more than politicians, CEOs and celebrities. Like many businesses, Recorder employees recently received scam messages. The email included an attachment aimed to infect computers with malware. Thankfully, no one opened the attachment and the computers were unharmed, but it served as a reminder that cyberattacks are a part of everyday life.
Phone calls and emails are common tools for hackers to trick people into giving away important information such as usernames and passwords or financial information. They might call an elderly person pretending to be a tech support professional who needs access to the computer, impersonate a boss who needs an employee to transfer funds or send a malware-ridden email claiming the recipient won a prize. Therefore, it’s best to confirm the identity of people contacting you through unfamiliar emails or phone numbers. For example, if someone calls you from Microsoft, hang up and call a different Microsoft number to confirm the first caller’s identity. Also exercise caution when people you don’t recognize promise something over phone or email.
“If I get an attachment out of the blue from someone I never communicated with that’s promising me something that’s too good to be true, I would absolutely not open that,” Special Agent John Davidson, program coordinator for cyber intrusion at the FBI Indianapolis field office, said. “I would delete that immediately out of the system.”
Davidson also recommended people be careful of unfamiliar or new websites because those sites can inject computers with viruses and malware. Tools built into web browsers are a good way to identify risky websites. For example, some browsers feature a green lock icon to signify safe websites and a caution sign to signify risky ones.
Kevin Mabry, owner of cybersecurity company Sentree Systems, said the best defense against cybercrime is education because people do not fall for scams they recognize. There are free resources such as in.gov/cybersecurity to learn about cybersecurity. In addition, Mabry said employers should offer continual cybersecurity training to employees because hackers’ methods change so quickly that some cybersecurity measures can quickly become outdated. In addition to quarterly seminars, Mabry provides his clients weekly “micro-training” in two- to three-minute-long videos about cybersecurity.
“Some states are forcing companies to offer cybersecurity training,” Mabry said. “It’s getting crazy. You need to know what’s going on because cybercrime is not going to get any better.”
Mabry emphasized that large corporations are not the only employers who should offer cybersecurity training. He said small businesses with 500 employees or less are more likely to be targets of hacking because such organizations are more common than large corporations and typically have little to no cybersecurity. Hackers usually target small businesses with ransomware, a program that locks people out of their systems until they pay a ransom, or steal information regarding the businesses’ important clients or associates in order to attack them as well.
“Think of it this way,” Mabry said. “If you are a fisherman and there’s a small pond, and in that small pond you can barely see the water because there’s so many small fish in there, would you rather go there or a sea?”
If you are the victim of a cyberattack, Davidson recommends immediately calling the FBI. The bureau will not kick down doors and confiscate computers like in the movies. Instead, agents will talk with the victim to learn about their technology to discover how the hacker breached the system and what was done so they can track down the culprit.
“In an incident response capacity, we will be looking to work in partnership with the victim,” Davidson said. “Because the victim knows their network and infrastructure much better than we do, and we need to understand the abnormalities they are seeing.”
Contact staff writer Ben Lashar at 317-762-7848. Follow him on Twitter @BenjaminLashar.