Chris Gondran, Senior Vice President and Director of Information Security for Home Bank, guides us on how to protect ourselves from internet identity thieves.
Chris earned an MBA from UL – Lafayette and has earned several industry certifications in Information Systems Security. His career has been built on helping others keep their assets safe. We’re grateful to Home Bank for bringing us this much-needed message during Cybersecurity Awareness Month.
It seems so often we’re either getting bogus texts or emails from someone trying to hack our personal account data or reading about data breaches occurring while others fail to protect their customer databases. We can all agree that the days of Butch Cassidy and the Sundance Kid are long gone, yet criminals are still “robbing the bank” as we all find ourselves vulnerable to cyber security thieves!
Cybersecurity is the protection of digital information systems. Chris says he “likens it to anything connected to the internet. Emails, cloud applications, and/or a wire transfer such as an ACH payment.”
We are more vulnerable than ever before. Protecting your usernames and passwords is a critical step. It’s a ‘no-no’ to use the same password for all of your online accounts. Think of all the accounts you use: Facebook, LinkedIn, your bank account, your car note, paying the electric bill, etc. Your information can end up on the dark net, a parallel internet that criminals use to sell your data to hackers. So if your Facebook account is hacked, the criminals will take that combination of username and password and attempt to use it on all your other online accounts. Chris says that criminals have sophisticated automated computer systems and subscription software they can use to try thousands of stolen log-ins at any given time.
Visit ic3.gov to file a complaint with the FBI (IC3) if you believe you have been the victim of an Internet crime or if you want to file on behalf of another person you believe has been such a victim; the site is also a treasure trove of information on scams and crimes being committed throughout the U.S.
October is Cybersecurity Awareness Month. It is an important reminder that human error is the biggest cause of cybersecurity breaches and we must stay on high alert. Responsibility and accountability for our online information rest upon each of us. Criminals are outthinking us all the time. There are even companies that offer malicious tools as a service. Bad actors who know nothing about hacking can go on the dark web, buy a database of email addresses and load them into software that will do the hacking for them. Chris Gondran noted that some of these companies are so big they have HR departments.
What motivates cybercriminal activity? The most common motive is financial gain, followed by people holding grudges against you (a former employee or girlfriend/boyfriend), and espionage (foreign countries who disagree with our policies and just want to hurt the enemy via cybersecurity means).
Chris says “it’s always a cat-and-mouse game between the security world and the criminals. Once they realize what we’re doing to bypass them, they figure out new ways to get around it.”
Criminals use various methods to trick us and use deception to get us to perform an action contrary to our best interests. What should you look for in “social engineering”? “Vishing” is the use of voice messages, “smishing” is the use of text messages, and “phishing” is the use of email, all of which are utilized to reel us in for a scam. Scammers will send out hundreds of thousands of messages knowing that a small percentage of people who receive them will be vulnerable and accept the bait. If you get a message that you question, tell the person you’ll call them back. Then check it out, particularly if it is unsolicited. If you get a suspicious email about an account, log into your account to check; chances are the message is spam. Do not click links or open attachments within unsolicited emails or text messages.
Chris recommends using a password keeper, which is found on most smartphone devices. The iPhone has a built-in protector that will alert you if you are using a weak password. Facial identification is a good way to protect information on your phone. Never share usernames and passwords with others. When you need to use a password, utilize at least 12 characters with no dictionary words. Come up with a phrase, something you can remember, and use the first letter of every word. Scammers have software that can catch obvious substitutions such as the “@” symbol for “a” or 0 for “o” and so on. Also, utilizing the cloud is important if something happens to your phone. Back up your data, as you can’t recover lost data if you are not on the cloud. Use multi-factor authentication as an added layer of security.
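The password advice above can be turned into a small self-check. The following is an added example, not something from the podcast or from Home Bank: it undoes obvious substitutions before looking for dictionary words, enforces the 12-character minimum, and builds a password from the first letter of every word in a phrase. The word list is a constructed sample, and every substitution other than “@” and “0” is an assumption.

```python
import re

MIN_LENGTH = 12  # "at least 12 characters", as recommended in the text

# Constructed sample word list; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "welcome", "football", "dragon", "sunshine", "monkey"}

# Obvious substitutions. "@" and "0" come from the text; the rest are assumed.
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i"}
)


def normalize(password):
    """Lower-case the password and undo the obvious substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def find_dictionary_words(password, words=SAMPLE_WORDS):
    """Return dictionary words (4+ letters) hidden inside the password."""
    plain = normalize(password)
    return sorted(w for w in words if len(w) >= 4 and w in plain)


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means the advice is met."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    hits = find_dictionary_words(password, words)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


def initials_from_phrase(phrase):
    """Build a password from the first character of every word in a phrase."""
    return "".join(t[0] for t in re.findall(r"[A-Za-z0-9']+", phrase))


if __name__ == "__main__":
    # Constructed examples only; never reuse a published phrase as a password.
    phrase = "My first car was a blue 1998 Honda that never started on cold mornings"
    for candidate in ("P@ssw0rd2024!", "M0nkey!", initials_from_phrase(phrase)):
        print(candidate, "->", check_password(candidate) or "ok")
```

The first candidate is long enough but still fails, because once “@” and “0” are reversed it plainly contains a dictionary word.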
While scams are as old as time, some stand out more than others on the internet. Romance scams are common as criminals work to gain victims’ trust via an illusion of a romantic or close relationship to manipulate and steal from them. Tech Support Scams involve criminals posing as legitimate tech support companies who notify you of an issue with your computer. They will ask you to allow them to gain remote access to your computer, and they can then install malware or steal sensitive data. Grandparent Scams are insidious as criminals pose as a relative, child, or grandchild, and instill fear in a family member as the huckster claims to be in immediate need of financial support. Government Impersonation Scams involve criminals posing as government employees and threatening to arrest or prosecute unless you provide funds; you should never fall for the offer to get out of trouble by buying gift cards and giving the number off the back of the card. Once the money is transferred, it is untraceable. No real business or government agency will ever insist you pay them with a gift card. Never send money to anyone you have only communicated with online or by phone.
Business Email Compromises are common. Cybercriminals compromise a legitimate email account and send malicious emails from it. Our guard will be down because we know the sender and recognize their email address. Some criminals will monitor emails and hijack a conversation. Be careful. Criminals will find a domain that looks like a legitimate one, provide a malicious link, and you can be scammed before you know what happened.
It is important for businesses as well as individuals to become aware and create a culture of awareness. Stopthinkconnect.org is a great site with lots of information for staying safe at home and with personal online matters. Cisa.gov is an official website of the U.S. Government with free services and tools to help you prevent a cybersecurity breach.
You can review online services to discover if your phone or email account has been breached. Chris recommends https://haveibeenpwned.com/. He further recommends that you write down as many details as you can remember and keep copies of all documents, emails, text messages, etc. if you think that your data has been breached. Chris’ last takeaway of the day: focus on your high-risk accounts such as Amazon, Apple, your bank account and Microsoft Office in the Cloud. These are all of high value to an attacker as they are tied to your money.
We thank Chris Gondran and Home Bank for an enlightening discussion. It’s a new day and we all need to be aware of our actions to protect ourselves and those around us.