Prevent cybercrime with these tips from the FBI's Springfield office
At a time when more and more people do their work remotely, at home and online, the need to protect information remains as vital as ever.
This also goes for businesses that need to keep both employees and customers safe from people who might try to take advantage of simple internet mistakes.
The Federal Bureau of Investigations' Springfield office recently held a discussion on the issues facing people and companies in the cyber world, along with efforts made with private companies to try to root out cyber threats to critical infrastructure, such as medical and corporate records and government systems.
Special Agent in Charge David Nanz was joined by Cyber Supervisory Special Agent Regina Burris, coordinator of the FBI's InfraGard partnership with private businesses and David Johnson, head of InfraGard's Peoria office. Nanz said the FBI places a massive amount of importance on protecting people from threats wherever they come from.
"This is a very important topic for the FBI," Nanz said. "Cybersecurity is among our highest priorities. Everyone's aware – particularly when it comes to some of the nation-state actors who are using cyberattacks to not only steal information from us but also to attack our critical infrastructure. That is a very important threat that the FBI deals with, working with our partners."
Much of the recent roundtable's focus was on how the FBI tracks cyber actions being taken by rogue actors against people and businesses in Illinois and the United States. However, the meeting also gathered advice for those seeking to protect themselves and their data online and on their computer, particularly if they use a personal computer for important tasks.
Here's a look at what the FBI recommends people do to keep themselves, their families and their businesses safe from cybercriminals:
Have good 'cyber hygiene'
Burris said people who maintain good habits online are at less of a risk to get involved in the kind of scheme perpetrated by a bad actor online. The steps she recommends are quite easy: don't click on emails from people you don't recognize or don't expect, don't click on links demanding action and update your operating system to provide the best in anti-virus protection.
"If you don't know who's sending you an email, or you're not expecting an email or an attachment, don't be clicking on links, don't be clicking on documents," Burris said. "They like to create a sense of urgency like, 'Hey, looks like you've changed your password on your email. Click here to check your account.' It's a very good way (for) hackers to get into your personal email account."
If you don't know, ask
One common way hackers get into personal accounts is through emails that appear as if a family member is asking for money or support. In that case, Johnson said the family member should be called to confirm if the email is accurate.
"Instead of sending (money), call (your) Aunt Ethel, send an email, go back to the source," Johnson said. "If there's a link, don't click on the link."
The same thing goes for things that supposedly come from a hospital or company. Johnson asks people to instead do a simple browser search for the company rather than blindly clicking on the link.
"If you're looking for something from (the) Mayo Clinic, type in mayoclinic.com, instead of clicking the link," Johnson said.
Nanz pointed out that if people communicate with each other – for instance, a company calling a vendor – many potential cyber crimes could be avoided.
"There's this email that claims to be from a vendor and it says something to the effect of 'Instead of using your current bank account that you've always been sending us payments, we now have a new account. Please send it here,'" Nanz said. "If only the person picked up the phone and called the legitimate vendor to confirm, they wouldn't fall victim, but what we're seeing so often is people taking action based on what this email says, without actually confirming its authenticity."
Beef up passwords and operating systems
Johnson said people should get out of the habit of using simplistic passwords that could be easy for a hacker to get into.
"Quit using '1-2-3-4,'" Johnson said. "That's something simple. That's free."
In addition, the operating system that one uses should be updated as often as possible, with older operating systems no longer being updated by the manufacturer.
"If you're on an old Windows operating system, they don't fix that anymore," Johnson said. "If there's security bugs in there, Microsoft no longer patches those. Every hacker in the world, once they figure out you're on an old operating system, they know exactly how to get in and do what they want to do with your stuff."
Find software with multi-factor authentication
If possible, Johnson said that people should use operating systems and software with multi-factor authentication instead of simply using an email, user name and/or password to access your information.
More news:Epicuriosity 101: Things to know about Rosh Hashanah, the Jewish New Year
"That alone can stop about 90% of the hacking attempts, if there's another factor of authentication," Johnson said. "You have user ID, password, but also there's a text message or pressing 'Yes' on Amazon, 'Is this really you?' Use those things."
Be vigilant, not apathetic
Nanz said even high-level government officials are susceptible to clicking on a bad email or sending emails on private, unsecured servers. Even with companies spending money on the best cybersecurity imaginable, they too are just as vulnerable as the average person.
"A lot of companies have big budgets for cyber protection, but nonetheless, they have been infiltrated because notwithstanding that budget and everything they do for cybersecurity, human beings are the greatest weakness and have employees do things they shouldn't be doing. Now, if you have the employee who is clicking on emails or accessing websites they shouldn't, that somewhat negates the whole effort that the company made to protect itself."
Burris' key message is to remain aware of anything that may threaten security online. She recommends that people take advantage of the FBI's Internet Crime Complaint Center for more information on what to do if they run into anything that could pose a threat.
"At the end of every public service announcement (from IC3), it talks about what you can do as a private citizen to take steps to not make yourself a victim," Burris said. "Patch your software, don't click on links, but if you do, I encourage you to go look at those public service announcements at IC3 because they do a really good job. It's not technical in any nature, it's just common steps that private citizens can take to protect themselves."
This article originally appeared on State Journal-Register: Prevent cybercrime: Here's what Springfield's FBI office recommends
