December 26, 2019
Listen to the full Discover Lafayette Podcast with Jan Swift
In this episode of Discover Lafayette, Jan Swift meets with the Cyber Security Team at RADER: Chief Security Officer Tim Fournet, Sarah Bryson, Head of Security Operations Team, and Tyler Robertson, Cyber Security Analyst, who discuss the importance of planning ahead to avoid hacks that can bring down a business.
The “World Wide Web,” or the internet as we call it today, was invented in 1989 by Sir Tim Berners-Lee as a convenient way to share data on open platforms in a non-discriminatory way; it was not set up to secure the data, and in those days, people freely shared their Social Security Numbers and other personal data without fear of being robbed blind or having their business systems stolen and held up in exchange for a ransom.
It’s a different day in 2019. Savvy criminals now run organized businesses on the dark web where they buy and sell everything that’s available to be exploited. Using untraceable cryptocurrencies, unsavory characters can purchase your email password for a couple of bucks or spend time on other people’s computers (for $10 to 15 bucks). Personal identities are harvested by criminal actors and sold for profit. Government computer systems are shut down by ransomware; department stores such as Target report that millions of users’ debit card accounts have been compromised.
Tim Fournet has been with RADER for fourteen years and has witnessed the evolution of computer problems people experience. The early days involved buying, maintaining and fixing hardware for small businesses; today, RADER typically manages entire computer and telephone systems to prevent problems for businesses ranging in size from 10 to 1000 employees. As technology has advanced quickly over the past decade, Tim has seen the benefits of utilizing cloud computing become countered with the risks of bad guys having access to all of your data.
With the increase of criminal activity over the internet, most of which is untraceable, RADER is now focused on teaching their clients to understand the risks that are out there and how to better protect themselves with security measures.
The importance of educating all employees on how to prevents cyber hacks can not be overstated. No matter how sophisticated a computer system nor how many security measures have been implemented, the end-user is where the system is most vulnerable. One click of a link that shouldn’t have been clicked can transfer funds that will never be retrieved, leak trade secrets and intellectual property, release personal information on your clients, and cause other untold damage that can permanently ruin a business.
“Spear Phishing” or “Whaling” is a phishing attack that targets a specific high profile employee with the intent to steal information or cause a transfer of large sums of money. More nefarious than a generalized attack on a system, the “big phish” victim is targeted online by the criminal actor who requests specific information or wire transfer of money from what seems like a trusted source using personal information about the target.
RADER recommends that multi-factor identification be used to help protect your personal accounts. Using something other than just a user name and password to confirm your identity, such as receiving a text on a separate device from the one you’re using to access your online account is desirable. Use different passwords for different accounts. Once you’re hacked, your social media accounts are also open for abuse and the thief may stay in your account for weeks and months to learn about you and then be able to impersonate you online. Passwordless logins are the coming wave and biometrics such as voice, face, fingerprint or iris modalities identification will be the next security protection standard to counter the abuse being experienced.
Schools are in danger zones along with businesses. With the growing use of personal computers on campuses, our children also need education on how to protect themselves and the data they have access to. School hacks are becoming more common as students innocently click on links that can bring down the entire school network. Use of smartphones and computers on free wireless networks also sets one up for hacking, as bad actors can learn all about your life and your bank account while you sip your coffee with friends.
1. Use strong passwords.
2. Don’t email sensitive information.
3. Install computer and software updates.
4. When making payments online, make sure the website is using HTTPS.
5. Always secure your wireless network with a good password.
6. Don’t write down passwords or store them in a MS Office document.
7. Be wary of email attachments from unknown senders.
8. Don’t wire money based on an email request from a fellow employee without a verbal affirmation that the request is legitimate.
9. Lock your computer when you walk away.
In today’s vulnerable climate, security threats warrant a budget of their own, separate from what business or government will budget for hardware and software. City and state-level governments are being attached wholesale; Pensacola, Baltimore, the Texas Attorney General, South Carolina Department of Revenue, and of course just recently, the Louisiana Department of Motor Vehicles are all examples of major security breaches which bring government to its knees as all services are disrupted.
Cybercrimes are typically engaged in by people in third world countries and are virtually untraceable. Ransomware payments are gone once you send them and not retrievable. Unlike robbing a bank, phishing is convenient to do in the privacy of your home and there is very little cybercrime policy or security measures in place to protect innocent victims. The anonymity and remote access for these crimes make it much easier to rob people than in-person encounters. And sadly, when cybercrimes are conducted by foreign state-level actors against governments, all security may be compromised as there aren’t typically enough resources to fight back.
The Cyber Security Team at RADER has extensive experience and education in all matters that affect a business’s IT security. For more information, please visit https://www.radersolutions.com/
RADER is a local IT Company based out of Lafayette, LA, servicing companies throughout the United States. Find out more about us or how we can seamlessly manage and integrate all of your technological needs.