Cybersecurity breaches are becoming more and more common in the news, affecting major corporations, disrupting trade and even making our local schools vulnerable in the time when they’ve been reliant on remote learning.
Many experts called the Colonial Pipeline ransomware attack a “wakeup call” for the nation’s cybersecurity. Hackers breached the network of a utility responsible for delivering a vital resource to at least 17 states.
Criminals were able to infiltrate Colonial Pipeline Co. in April through a targeted attack through an employee’s remote-access work account, according to a June 4 Al Jazeera article.
But the reality is, you don’t have to have millions of dollars to lose to be targeted or become a victim. In fact, this past fall, the Newhall School District was left offline for nearly 10 days in September after what’s known as a ransomware attack — an attack by software that threatens to publish data or perpetually block access, unless a feww is paid.
These threats exist in your home, on your phone and, most importantly, almost anywhere you’re connected to the internet and your inbox.
It’s more important than ever that you not only protect your information and change your passwords regularly, but that you make sure you’re aware of what you’re clicking and who you’re emailing.
What can happen
“Phishing occurs a lot because people open attachhments that come into their emails without paying attention to what’s really going on,” said Sgt. Alex Gilinets, who works in the Fraud and Cybercrimes Bureau of the Los Angeles County Sheriff’s Department, “no matter what kind of advice you give him in regards to not doing that.”
But Gilinets also sees a lot of investigations that stem from incidents in which people thought they were sending their money or payment information to a legitimate source.
“The best advice is never give your personal information to anybody online, unless you know exactly who you’re dealing with,” Gilinets added.
It doesn’t hurt to go the extra mile and make a phone call, he added, just to double-check. It could save you almost everything.
“Don’t hesitate to pick up the phone call — if you know the person and where the email’s coming from — to confirm that they’re the ones that actually send you an email,” he added. And if the communication involves payment and you can’t reach anyone at the contact you have, that might be something to consider.
“Do not open unknown attachments if you have no idea who the email came from,” he said, “and take a little scrutiny and look at the email closer to make sure that the emails actually (are) coming from a person that they know.”
There are 10 victims of cybercrime created every second, according to a Norton LifeLock report from the industry leader, which now offers holistic solutions to cybersecurity that range in price from about $7 to about $26 per month, with the higher-end plans coming with up to $1 million in reimbursement for stolen information.
The list of services, everything from “Phone Takeover Monitoring” to “identity and Social Security number alerts” gives an idea also on just how much goes into security.
“You see all kinds of threats these days,” said Michael Wong of Webroot cybersecurity, who was a guest speaker at a past SCV Chamber talk on the subject. “You have ransomware, crypto-logging, crypto-mining and all of those are all real threats. Our job is to keep customers up to speed with what’s actually out there … how do we come into play as to the target and protect against (those threats).”
If you decide against a home-security system for your home network — which is often less expensive than a traditional home-security system — there are a few things you should know in case you become one of the more than 330 million people who have been a victim of cybercrime.
If security is breached
Even on USA.gov, the federal government’s website, there’s a caution because scammers try and use the federal government’s scam-reporting hotline, 1-844-USA-GOV1 (872-4681), for what’s called “spoofing,” which means that scammers have figured out a way to tell your phone or computer that the person is calling from a fake number. It’s another reason why if you’re not 100%, it’s always a good idea to check. Even a transaction of a few pennies can reveal valuable information to a thief.
But if someone is able to hack your network and you think your information is compromised, there are a few steps you should take immediately. The first being contact the three credit bureaus.
“You can report the potential identity theft to all three of the major credit bureaus by calling any one of the toll-free fraud numbers,” according to information at USA.gov. You will reach an automated telephone system that allows you to flag your file with a fraud alert at all three bureaus. Experian (1-888-397-3742), Equifax (1-800-525-6285) and TransUnion (1-800-680-7289).
While this won’t help you get any potential lost funds back, a fraud alert should stem future attacks (at least for 90 days), by making it harder for any nonverified person to access your account. And, of course, if you find anything that doesn’t make sense on your credit reports, you should definitely contact the credit bureau.
The Sheriff’s Department also sent out a recent alert about the “Microsoft Exchange On-Premise mitigation tool,” which can be obtained from Microsoft at: microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/