Local expert tells how to keep your computer and personal information safe

The bad guys may seem like they're winning, but with time and effort you can protect yourself, your family, your money and your computer and smartphone from attack by hackers, scammers and other cybercriminals.

That was the message of Jim Rome, webmaster for several local nonprofit organizations who spent the latter part of his career at Oak Ridge National Laboratory providing computer security for classified systems. He delivered his message most recently to Friends of ORNL.

Jim Rome tells Friends of Oak Ridge National Laboratory what he does to stay as safe as he can on the internet.

He mentioned that recently the city of Oak Ridge had been a victim of a “denial of services” malware attack, causing network issues and making its business side unable to process utility payments for days.

Malware, short for malicious software, is a set of computer programs created by cybercriminals that can steal data from and damage or destroy computers and computer systems. It includes viruses, spyware and ransomware – software designed to block access to an individual’s personal data or a company or organization’s computer system until a sum of money (ransom) is paid.

Rome said that the global cost of cybercrime was estimated at more than $7 trillion in 2022. In the first half of 2022, more than 50 million Americans had been affected by cybercrimes, the highest rate of data breaches in the world. The nations that have the most dangerous cybercriminals include China, Russia, Taiwan, India, Brazil and the United States, according to one source.

Rome cited two recent computer attacks that have affected corporations and customers. One cyberattack disrupted operations of the cleaning products maker Clorox, reducing the availability of the company’s products and slashing its quarterly earnings and stock value by 20%.

In September, a cyberattack at MGM Resorts International, he added, caused widespread disruption on the Las Vegas Strip. The hotel and casino giant had to require manual check-ins and the use of physical key cards so guests could access their rooms.

Potential customers could not make advance reservations because the website and online booking systems were pulled offline. Some customers’ personal information was captured by the bad actors. Slot machines were shut down. The company lost more than $8 million a day during the 10 days it took to return to normal operations.

Most computer users have been warned about “phishing attacks” – the fraudulent practice of sending emails or other messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers. They are told not to click on attachments from senders they don’t recognize.

“Almost all attacks on computers bypass our protections because we do something stupid,” Rome said. “Almost 75% of organizations in the United States have experienced a successful phishing attack.”

According to one of his slides, “Cisco’s 2021 Cybersecurity Threat Trends Report suggests that at least one person clicked a phishing link in around 86% of organizations.”

Rome said that phishing is by far the highest cybercrime category.

“Fortunately, most phishing emails are filtered out by mail providers such as Google’s Gmail. But some still get through to your inbox.

“Watch out for emails that end up asking you to send money or buy gift cards. If the email fraudulently states that it is from ‘My friend,’ call your friend(s) to verify that the message is fake.

“Even I, a supposed expert, sometimes have trouble detecting scammy emails. To detect phishing, you must learn how to read the header of your email.”

To learn how to find the header and determine whether an email message’s source is fraudulent, visit the phishing page, https://blogs.jamesrome.net/phishing, on Rome’s www.jamesrome.net website.

What should you do to protect yourself?

Rome said you can best protect your computer and cell phone from phishing and other attacks by using strong passwords and keeping your operating system and applications up to date. He also advised protecting your cell phone by setting its software to update automatically, your accounts by using multi-factor authentication, and your data by backing it up on an external memory storage disk or flash drives, not cloud services.

Rome recommended that you use a different password for each website and that each be 12 to 15 characters long to be safe from brute-force cracking by hackers; the characters must include upper- and lower-case letters, numbers and symbols. Passphrases containing unrelated words (e.g., “preschool-anemic-outshoot”) can be more secure than a complex but short password.

He advised the audience to subscribe to a password manager like the free one he uses – Bitwarden.

“I back up all my passwords in an encrypted spreadsheet that I put in my Dropbox,” he said. “Do get a good malware detection or prevention program but recognize that they have their limits.”

Passkeys are gradually replacing passwords because the former are more secure, Rome said. Users of passkeys can sign in to apps and websites with a biometric check such as a fingerprint or facial recognition, thus avoiding having to recall and manage passwords.

Be careful about installing dicey computer programs, Rome warned, suggesting that you read all the bad reviews, not the good ones, “because the owner of the website isn’t going to put fake bad reviews on its site.” He also mentioned that electronic devices and software do not last forever and that it is unwise to buy older, cheaper, used models of devices because they cannot be updated with the latest operating systems and applications. And he said that some offers, such as low-cost data storage on cloud services (which have slow upload speeds), are too good to be true or useful.

Rome adamantly recommended that his listeners refrain from investing in cryptocurrency, often called crypto. This form of currency exists digitally or virtually and uses cryptography to hide and secure it.

He quoted Bruce Schneier, dubbed “the security guru” by The Economist magazine, who wrote about crypto: “It’s not secure. It’s not safe, it’s not reliable, it’s not trustworthy, it’s not even decentralized, it’s not anonymous, it’s helping destroy the planet. I haven’t found one positive use or anything that couldn’t be done better without it.”

Always use a credit card, not a debit card, so as not to lose money when you make a purchase, Rome said. In his conclusion, he stated, “Do not put anything you will regret on the Internet, including social media.”

He gave other advice such as “consider encrypting attachments that have sensitive information you want to send by email and consider changing your domain name server.”

To learn more about his encryption, DNS and other recommendations, listen to his talk while viewing his PowerPoint presentation at www.jamesrome.net or on the FORNL website www.fornl.org by clicking on “Past Talks” at the top left of its homepage.

Jim Rome is the webmaster for Friends of Oak Ridge National Laboratory (FORNL) and the Oak Ridge Civic Music Association (ORCMA), of which he is president.

This article originally appeared on Oakridger: Local expert tells how to keep your computer, personal info safe