Local firms work with businesses, individuals to prevent new cybersecurity breaches – BizTimes.biz

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points.
Hackers, scammers and fraudsters are constantly working with ever-changing methods to steal information. Today, that can happen in a single click.

It looks like a legitimate email from a recognizable person or company. But once the attachment or link inside is opened, a virus is downloaded and scammers can access your entire computer.

They can silently track the computer’s keystrokes and see passwords as they are entered. Sometimes it is not until a month or two later that the scammer acts on the information they learned and steals money or information.

“It’s like a game of whack-a-mole sometimes,” said Beth Weiland, DuTrac Community Credit Union senior fraud specialist. “Once we solve it, scammers branch off into something new.”

But proper security measures, such as using protective software and training employees to catch scam efforts, can prevent companies from falling victim. Local financial institutions, cybersecurity firms and law enforcement are working to help tri-state area businesses navigate the scammer mine field.

“The main thing happening lately is a remote access software program that is embedded into your device,” Weiland said. “When you sign into your online banking, scammers can literally watch you put in your password and have access to it.”

Weiland called it the hardest thing that the industry has to combat because it can happen so easily.

“It has gotten much larger in volume within the last year,” Weiland said.

The scams are also becoming much more widespread across demographics, targeting everyone from retirees to college students, she said.

But these scams are preventable.

DuTrac meets quarterly with the other financial institutions and law enforcement agencies in Dubuque to discuss trends they are seeing and ways to prevent fraud.

The credit union also spends time educating the public and its own staff.

Weiland writes a newsletter on fraud, hosts webinars and speaks with Dubuque citizens in person, including at assisted living facilities. She also writes social media posts to inform the public on fraud.

“A lot of cybersecurity nowadays is social engineering,” said Payton Marshall, owner and CEO of technology security firm SurgIT. The firm operates three locations in Iowa in Bellevue, Dyersville and Dubuque.

Social Engineering

Cyber criminals work by convincing people that they are someone who the victim can trust.

If a fraudster wanted to impersonate Marshall and SurgIT, they could buy an email that replaces the “u” in SurgIT with an “e” to create sergit.org. Then, they could put Marshall’s name in front of the fake email to create [email protected].

They could send an email with a link to a virus to anyone and claim to be Marshall sending them information regarding SurgIT business.

Someone who receives an email from that address might not notice the small difference. They could click on a link, and the fraudster is able to take access their device.

That scenario is similar to something that happened recently in Bellevue, Marshall said. One business’ computer was infiltrated. A fraudster then used that business’ email to send fraudulent emails about invoices to all their contacts.

It created a chain reaction where businesses were infiltrated down the line.

“Now more than ever, even in small town Iowa, it is important to be taking cybersecurity and that sort of stuff seriously,” Marshall said.

Another big issue that Marshall sees is pop-up advertisements on Facebook.

When someone is scrolling on Facebook on their computer, an advertisement pops up that says the computer has been hacked. It also tells people to call a phone number or click a link to fix the issue, but these are malicious prompts.

“Call a local trusted technology expert who can help you that you know and that you can trust because chances are your computer is not hacked, but if you call that phone number, they’re going to hack your computer,” Marshall said.

Protection methods

There are numerous ways that individuals and companies can protect themselves in the online world.

“I’d say 90% of the time, we can just go in there, fin the root cause software, remove it and everything is okay,” Marshall said.

Sometimes, the malware reaches the computer’s operating system and is able to redownload itself even when deleted.

“It gets a little bit more dicey in terms of how they get rid of it, but it’s still possible,” Marshall said. “Take it to a professional, have them look it over, and they should be able to get it all taken off.”

SurgIT offers its own antivirus and cybersecurity services. These help prevent malware from being downloaded onto the computer.

But being knowledgeable and aware is the biggest thing, Marshall said.

DuTrac uses the phrase “Pause. Ask. Protect.”

It promotes waiting a second before acting on a suspicious email, asking if the contact was expected and then refusing to reveal any personal or financial information.

People can verify information unexpectedly sent to them by calling a trusted professional from the number on their website or on the back of a business card. It is important to use contact information from a trusted source rather than information included in a message.

All of DuTrac’s financial service consultants are trained to recognize signs of fraud, Weiland said. If they see a red flag, they provide customers with a questionnaire and walk customers through possible fraud attempts.

DuTrac also provides take-home material throughout its buildings for customers that highlights common fraud signs and reminds them to pause, ask and protect.

“Businesses are asking more questions and paying closer attention to cybersecurity than they did even a few years ago,” said Jason Tyson, president of information technology services and solutions firm TC Networks, in an emailed statement.

The Platteville, Wis.-based firm provides managed IT services, cybersecurity solutions, consulting and user training.

“We focus on helping businesses reduce risk through proactive monitoring, security software, best practices and employee awareness training,” Tyson said.

He recommends businesses use modern cybersecurity software and keep their systems and infrastructure updated. The cybersecurity software provides a layer of protection against malware and routine updates help close vulnerabilities before they are exposed, Tyson said.

Another protection is to use cloud-based platforms and security tools, including multi-factor authentication, advanced threat detection, automatic updates and data backup capabilities.

Businesses should also invest in employee awareness training, Tyson said. This helps employees recognize and avoid threats.

“No solution can eliminate risk entirely, but a combination of technology, training and good security practices can greatly reduce the likelihood and impact of a cybersecurity incident,” Tyson said.