LIMA — As businesses steadily rely more heavily on digital systems, cyber criminals have evolved their approach to better take advantage of security flaws and human error, FBI Special Agent Scott Halibur explained during a networking event hosted by the Lima/Allen County Chamber of Commerce.
Adah Ellerbrock, the chamber’s vice president of community relations and programs, said cybersecurity has been a concern for many area businesses, and the talks by Halibur and Tomorrow’s Tech Today CEO Lisa Niekamp-Urwin would inform businesses on what they can do to combat potential gaps in cybersecurity.
The first preconception Halibur debunked was the idea cyber criminals are “lonely guys” sitting in their parents’ basements. That may have been closer to the truth in the ’80s when hackers would wipe data to prove they could do it, but today’s professional criminals have organized into sophisticated cells capable of tricking employees into shelling out thousands of dollars to buy back stolen proprietary information.
Halibur compared today’s digital criminals to someone knocking at a locked door. A business may have a complicated security system that keeps the door shut against forceful entry, but hackers have found ways to convince employees to open the door or give security clearance.
“The biggest threat to your security is human error,” Niekamp-Urwin said.
Hackers will comb through social media, discover business organization, identify key figures and even spend months determining the best way to interact with individual employees in order to convince them to click on a link or download an attachment full of malicious code.
That code can then infect a computer system, delete backups and potentially hold important information for ransom until a company pays whatever the hackers demand to get that info back.
Halibur told the story of one hospital that hackers targeted, infected with ransomware and stole its medical records. The only way to get the records back was a $400,000 pay out.
Halibur recommended businesses stay safe by installing fire walls, investing in security programs, backing up systems, encrypting internet connections and utilizing two-party authentication. Those techniques will keep the door locked, he said. But to maintain maximum security, employees will have to ensure that their online habits aren’t creating loopholes for hackers to use.
Common mistakes include plugging in unknown USBs drives, using easily-guessed passwords, absentmindedly clicking through emails or putting too much information on social media that could be used to answer security questions during a password reset.
“We need to educate our employees and make them understand that these types of things occur,” Halibur said. “Any information you put out there can be used by those who are out there to get into your systems.”
Reach Josh Ellerbrock at 567-242-0398.