Don’t Be the Low-Hanging Fruit in a Cyberattack, Scott Schober Tells Audience at FutureCon
A while ago, Scott Schober was hacked and his accounts were compromised. The hackers even got $65,000 from his business bank account.
“The common question I get is: Did you get the money back?” The answer was yes, but “more important was what I learned in the process,” he said at this year’s New Jersey CyberSecurity Conference (FutureCon), which took place in Princeton on April 17.
Speaking to several hundred IT and cybersecurity professionals, the author of “Hacked Again” and CEO of Berkeley Varitronics Systems (Metuchen) said, “We all can fight back. And it doesn’t have to cost a fortune to protect yourself.”
Schober added, “Spending the money in the right places, and spending it wisely, and making wise decisions” can help stop people and companies from being the “low hanging fruit” hackers want to attack. “Cybersecurity is everybody’s business. The janitor up to the CEO has to have some basic information about how to stay safe.”
While many people have become numbed after hearing about yet another cyberattack, the cost of these attacks is real. Cyberattacks will cause $6 billion in damages annually by 2021, he said.
During the talk, Schober drove home his theme: Don’t choose convenience over security.
Here are some of his recommendations:
- Most people use ordinary unsecured USB sticks. Don’t do this. Why? The bad guys like to put malware on free USB drives. In one case, hackers tossed several USB sticks outside an event just to see who would pick them up and use them. The sticks were laden with malware. The hackers were hoping that the users would “bring them into the office and infect the company,” and then the software would migrate to the company’s network. The malware might be a Trojan that sits there for a time while collecting personal information. Instead, choose a USB stick that is password-protected and has encryption. And use a strong password, he said.
- Despite all the money and time devoted to training employees to not click on links in emails or open unverified attachments, people still fall for phishing attacks. “We’re not always concentrating on one thing at a time, so that leads us to an opportunity to click on something that leads to a phishing attack,” said Schober. Some 156 million phishing emails are sent out every day by criminals, and 26 million of these emails get through the spam filters. Some 80 million people open these emails yearly, and of that 80 million, 8 million actually fall for a scam, imprudently clicking on a link or opening an attachment. “You can disperse ransomware this way,” Schober said. Educating employees and the public is still the only way to combat this problem.
- Many people keep their passwords on sticky notes. Consider a password manager, he suggested. Yes, some of them may have been hacked, but it’s a “lot better to use a password manager than to be cyber complacent.”
- Remember to password-protect your wireless router or access point. People are so excited about getting their new, faster routers that they forget about security. They don’t take the time to change the default admin password. “Please take the time to change it,” he said.
- Speaking of Wi-Fi, hotspots at hotels and airports are great conduits for malware, said Schober. He noted that it was easy for hackers to conduct a man-in-the-middle attack even at a cybersecurity conference, as attendees willingly connect to free Wi-Fi. He recommended using your cell phone as a hotspot because 4G LTE direct connections to the cellular network are “very hard to hack.”
- Also, turn down the power of the Wi-Fi at your home or office access point, so it is just enough to cover the footprint of your home, not the street or the buildings across the street.
- A large percentage of pumps at gas stations have been compromised by hacker-installed devices to steal credit card information. The easy solution is to pay cash when you buy gasoline. Then the hackers can’t steal the information.