
Security experts offer advice to help businesses protect data

Better Business Bureau 2016 Cybersecurity Event

Internet scammers don’t deserve respect. They are criminals who prey anonymously on other people and businesses.

But as a South Dakota law enforcement official pointed out recently, the low-cost and successful nature of scamming operations virtually guarantees their continued existence. So, companies and consumers must be on guard. In fact, increases in cybercrime suggest that prospective victims should be on higher alert than ever before.

If scammers reach out to 10,000 prospective targets online, for example, they might only have to score once or twice to make their effort worthwhile and profitable, said James Legg, an agent with the South Dakota Division of Criminal Investigation.

“It’s a pretty ingenious economic model that these guys work off,” said Legg, who also directs the South Dakota Fusion Center, an information-sharing center that helps investigate and prevent crime.

Ransomware, which is used for digital extortion, is a particularly efficient tool for hackers.

“If it wasn’t so successful, we wouldn’t see it as much as we see it,” Legg said.

Legg was one of four regional security experts who spoke Oct. 19 at a two-hour, insight-filled gathering designed to help businesses in the Sioux Falls area protect their electronic data. The free event was hosted by the Better Business Bureau with sponsorship help from SDN Communications, Avera McKennan Hospital & University Health Center and KELOLAND-TV.

In addition to Legg, speakers included Jake VanDewater, director of network operations at SDN; Dr. Ashley Podhradsky, an associate professor of digital forensics at Dakota State University; and Jeremy Morrissey, a special agent with the Minneapolis Division of the FBI.

“It doesn’t really matter who you are; you may be a victim of a computer intrusion,” Morrissey told about 65 business people.

Morrissey said companies need to protect their computer networks like they protect their physical property. Companies are devoting more resources to protecting networks, but he said business concern for electronic assets is often sparked by a security incident.

Podhradsky emphasized that people usually are the weakest link in a company’s security system. Hackers exploit mistakes. For example, they take advantage of the naturally trusting nature of most people to gain access to sensitive information. Victims who fall for a fake pitch might give out sensitive information or click on an infected link.

Using strong passwords is one way to reduce vulnerability, Podhradsky said. The definition of a strong password changes. She said currently, a password is considered “strong” if it includes five things:

  • 14 characters
  • upper case letters
  • lower case letters
  • numbers
  • special characters

Avoid dictionary words when creating passwords, and don’t use words that someone might be able to figure out simply by reviewing personal information on a website.

There is no single tool that businesses can use to protect themselves from hackers phishing for information and other online threats. However, taking a layered approach to security reduces overall risks, Podhradsky said.

Layered security generally refers to a strategy that implements protections throughout a network and keeps every member of an organization alert and well trained.

VanDewater focused his remarks on the growing threat of Distributed Denial of Service (DDoS) attacks. Attackers who launch DDoS attacks try to overwhelm targeted Internet sites to disrupt or block services.

“We’re seeing pretty high numbers,” VanDewater said.

SDN data indicates that the company’s broadband clients are targeted in DDoS attacks an average of 315 times per month.

With the right equipment, DDoS attacks can be blocked in advance. Ransomware attacks, in contrast, typically do not become evident until after hackers infect a computer system with malware, encrypt a user’s files and demand payment.

Among the information sources that businesses can use to help fight ransomware is www.NoMoreRansom.org. A group of security services launched the free site in July. It urges companies to back up their data, for example, so that electronic information is not permanently lost in an attack.

NoMoreRansom generally advises cyberattack victims not to pay a ransom.

“By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return,” the site warns.

Companies such as SDN also can help businesses with strategies and equipment to protect themselves from cyberattacks. SDN handed out educational posters about passwords, phishing and social engineering.
