Air Force veteran Randy Goss talks about cybersecurity and taking care online in the new year.
Q: What’s your background in cybersecurity?
A: I officially trained with the U.S. Air Force and was commander of a communications squadron.
Q: What do you do now?
A: I’m a vice president with Rosenberg Financial Group Inc., where I manage network operations and security.
Q: Why do you take time to offer cybersecurity presentations in the community?
A: Almost daily, you hear about security breaches at major companies or government agencies. These create fear, especially when you hear of people being targeted by things like ransomware or scams perpetrated through email. We started the seminar at Rosenberg for clients but decided to present it to help inform the public and organizations like NARFE, who I spoke to recently, and the VECTR Center to assist veterans. We’ve also done them for churches and civic clubs.
Q: Generally, what’s the big threat you see as 2019 begins?
A: The loss of Personally Identifiable Information, or PII. For example, in 2017 Facebook, Google, FedEx and others were all hacked and millions of user’s data stolen. The type of data stolen were names, birth dates, email addresses, phone numbers and such. When a hacker has it they can target detailed, malicious attacks.
Q: How can people protect themselves?
A: It gets very technical, but most simply, educate yourself, take action and stay vigilant. And remember CAP: Caution, Awareness and Privacy. First, be cautious and know the source and validity of information you receive and forward. There’s no rule saying you have to open or forward every email you receive. If you don’t recognize the sender, delete it. If it has an attachment and you don’t know the sender, do not open it.
Q: And awareness?
A: Many forget cybersecurity when they’re sitting securely at home, but a hacker can email a message hoping you’ll open it. It’s much easier for them to get you to open a dangerous email. As far as the third thing, privacy, people don’t like their private lives being interrupted but still they’ll post everything they do on social media where everyone can see they’re leaving town for a trip. Or maybe they’ll forward spam or false messages, essentially giving it their stamp of approval.
Q: Obviously, some of this may be for people with a measure of tech-savvy, but maybe even they are complacent. What are other simple tips do you share?
A: I encourage people to make it difficult for hackers to gain access to their computers and home network. Change the name and password of your router and make sure you have regularly updated virus protection, anti-malware and anti-spam software. If you don’t have these, it isn’t a matter of “if” but “when” you’re going to get a virus or malicious items on your system.
A: A good, strong password with upper case letters, lower case, numbers and special characters is the foundation of good security but I also suggest using two-factor authentication on accounts, especially financial accounts or ones where credit card information is on file. It may be a hassle, but it’s an excellent way to keep hackers out because they have to have both your account information and your mobile device where you get your authentication code. I also recommend backing up data to a removable device. There’s nothing worse than a computer crash except maybe a notice your computer is being held for ransom. In either case, if your critical files are backed up to a removable drive you can recover from it.
Q: You bring up ransom and ransomware as well as phishing, can you give a brief explanation?
A: Ransom and ransomware involve someone somehow taking control of your computer and your files and keeping you from access to them unless you pay a ransom. They’re holding it hostage. As far as phishing, it’s the fraudulent practice of sending emails purporting to be from a reputable source — but not, they’re from impostors — in order to get you to reveal personal information like passwords or credit card information. Phishers also spoof websites and links so it appears the message is from a reputable source. Carefully inspect links. People even lose money to phishing scams appearing to come from the IRS. It’s important to understand the IRS will not send you an email telling you you’re being audited. You’ll get a letter; probably a certified one. Also, you won’t get a notice on your computer or phone call from Microsoft that your computer is causing problems on their network. It’s a scam.
Q: With “smart” homes increasing, home networks are more a focus. What does the future hold regarding network attacks?
A: Right, more and more items are connected to the internet: light bulbs, refrigerators, thermostats, cameras, home alarm systems and even automobiles. It provides more opportunity for hackers. One source analyzed over 1 billion web requests daily and found one in 13 led to malware. In 2017 there was a 46-percent increase in ransomware and spam increased by 55 percent. But it’s not hopeless. At the user level, it’s up to each of us to do our part to stay informed and secure our home networks.
Q: How about public Wi-Fi? Should it be used?
A: Just be sure it’s secure. Be sure the beginning of any URL starts with “https”. The “s” is important and means secure communication between the browser and a website. If you use a public Wi-Fi, avoid accessing your sensitive information.
Answers may have been edited for length and clarity. Compiled by Michael W. Pannell. Contact him at email@example.com.