The list of ways to thwart cybercrime offered by FBI experts at a recent seminar in Richmond stretched across the internet in ways that were both reassuring and disturbing.
The bottom line on both accounts was the same: We all need to pay closer attention to the forms of theft that cost the country $6.9 billion in 2021. Virginia’s share of that loss was $172.8 million.
Most of us take internet security for granted. We have become lazy. That is a bad mistake as the sophistication of criminals on the World Wide Web grows. Each of us needs to ask ourselves a few basic questions about how we protect our most important financial and personal data.
Do we use the same password for most online accounts because that is easier to remember?
Is that password something more complex than a personal nickname or a relative’s name?
Do we use a variety of complex passwords for different accounts?
Do we use multifactor authentication to sign on, or do we find it too inconvenient and time-consuming to have to go to our email account to get a separate authentication code after typing in our user ID and password?
Have we disabled the email forwarding function on our personal and work computers?
Do we use virtual private networks or VPNs?
Do we have anti-phishing tools and other security systems installed on our computers? And by the way, do we update the security software regularly?
If we get an email that looks suspicious, do we take the time to pick up the phone, and call the person or group or business that supposedly sent it?
Some of the best advice arising from the FBI seminar is to practice what one agent called “click discipline.” In an increasingly digital communications network, many Americans have become conditioned to automatically click on every text message and email they receive.
Reading subject lines and texts, and studying the associated links, need to be pro forma before clicking. As a rule of thumb, the agent said, if what we receive advises us to act urgently, we shouldn’t.
This is as true at work as it is at home. Compromised business emails accounted for 35% of cybercrime losses in 2021, the FBI reported.
Romance scams on dating websites now operate like sexual predators, grooming victims for weeks, months or even a year, before asking for money in transactions that would not pass the smell test if initially proposed.
Ransomware, which worms its way on to business computers and extracts company data to make it public (unless the business pays a blackmail fee) has grown complex. Industry targets include critical infrastructure and health care, which have the most to lose if compromised.
But some criminals buy names and passwords from the dark web and send out mass threats in a strategy the FBI calls “spray and pray.” A few ransomware networks have grown so large that they now employ contractors to extort money for them in exchange for a percentage of the take.
Here’s what businesses, large and small, should know: Develop a plan to respond to cyberattacks. Designate someone as a single point of contact.
If a cyberattack happens, have that person immediately report it to the FBI and do not kill the identifying information of the attacker. Preserve it so investigators can use it to trace the criminals. Think of it like a murder scene, said Stanley Meador, special agent in charge of the FBI’s Richmond Field Office. Don’t contaminate or alter it.
Big companies that employ numerous vendors or contractors need to limit the affiliates’ access to the main company computer system, a process called “network segregation.”
Don’t assume cybersecurity insurance offers comprehensive protection. Carefully read the insurance policy. It might not cover certain kinds of losses.
Whatever else we do, all of us should keep this web address handy: IC3.gov. It leads to the FBI’s Internet Crime Complaint Center, where individuals and businesses can quickly and easily report problems. While we try to thwart the online scammers by changing our internet behavior, we might need to do that, too.