Headlines rage every week: Who will be the next cybercrime victim?
This week, the headline would read: “City of Tallahassee hacked (again).”
Cybercriminals nabbed a half-million dollars in the city’s payroll money.
Ouch for the taxpayers.
Or does the city have cybercrime insurance? They should, that could lessen the damage.
But there are some protective measures (and other procedures) that can be put into place to decrease the chance of this happening to you.
Also, a shout out to Karl Etters from the Tallahassee Democrat for his piece on the subject, and including me in it.
At least it wasn’t as cyber-creepy as the 2017 ISIS/North Korea/City of Tallahassee Hack.
So, in this instance, it looks as if Tallahassee itself wasn’t compromised, but, in fact, a third-party was attacked.
With that in mind, a few basic questions:
— When working with any third-party, do you review their security measures?
— Is data encrypted while at rest or in transit?
— Do you store sensitive data at your location?
— Is your facility a Tier 3 data center (armed guard, generator, etc.).
— Do you have cyber insurance?
— Do you put all employees through cybersecurity training?
— Does your network security include geo-IP filtering (blocking all IP addresses outside the U.S. to further reduce threat likelihood).
These are all essential questions you should be asking any and all parties with which your organization works.
Hacks can destroy brands, affect elections, ruin reputations and cost lots and lots of money.
I was talking to Karl about a more devious method of hacking, one which didn’t occur here but really highlights the need for training and higher security standards.
Your typical cyberthreat will come in via email, a fake American Express notification to click and “verify” account info.
They either: A) steal your account info once you enter it (phishing), or B) the link freezes your computer and demands a ransom to unfreeze it (ransomware).
But did you know there is also a lesser-known option C. That is where you click, and nothing happens — or so you think.
Meanwhile, malicious code is embedded in your machine and it tracks everything you do and is just waiting until you go to the online bank — WHAMMO — you are compromised as it tracks every keystroke. Now it can go back into your account and wipe you out.
Among the more high-profile cybercriminals specializing in ransomware, Zain would buy advertisements on adult websites and embed them with ransomware, so when the target clicks, there comes a bogus message from the FBI claiming they must pay a fine — right now.
This week, Zain got busted in England. Good for the chaps and bobbies in the UK; they pushed some OT this week.
For Floridians, keep a close eye on this case. Zain allegedly had an accomplice in our state to assist with laundering the bounty from these crimes, using a complex cryptocurrency swap (which I will touch upon in a separate column this summer0.
First Zain and now the WikiLeaks guy, who is bound to be a basket case after living in the Ecuadorian Embassy for 7 years.
Can you imagine? Nice work, UK law enforcement.
Back to how to protect yourself from these and all threats.
— Deploy a tightly configured network security appliance (firewall).
— Change your password every 30 days.
— Do not click on emails from an untrusted source.
— Tighten up your spam filter setting (contact your IT person about this).
— Keep your anti-virus software renewed, buy a cyber insurance policy, go through cybersecurity training.
— And (for heaven’s sake) don’t go to shady websites.
Criminals lurk there knowing people are more than likely not going to report an incident that occurs while surfing questionable content.
Hackers and hacking are everywhere; it could be someone like Zain or an 11-year-old hacker who breached the state of Florida election system … just to show the world it can be done.
Take some steps to protect yourself. You can never be 100 percent safe (unless you don’t go on the internet in the first place, that is), but at least you can minimize risk.
Also, if you see a cybercrime, say something — report it to the authorities.
We all have to play a part to help make computing safer for everyone. I have met with FDLE on the subject in my office; that is straight from their mouth. You can report suspicious activity by using this link.
See you out there.
Blake Dowling is CEO of Aegis Business Technologies. He Can be reached at firstname.lastname@example.org