We all know the world is a dangerous place, but many of us still have little understanding of one of the biggest threats to families and local businesses; identity theft and cyber fraud. While statistics vary, most experts agree in excess of 10 million people have had their identity stolen; with combined losses in the multiple billions. Loss from identity theft can range from a fixable inconvenience to losing all of one’s financial assets and hard earned credit rating. Additionally, there is also medical identity theft, which occurs when someone uses another person’s identity to fraudulently take his or her medical services. The notion of losing ones identity is a horror so unspeakable many are afraid to face it head on.
Big and small business fall prey to cyber attacks every day. A big issue now is cyber extortion. Hacking firms (which do, in fact, exist) charge extortion money for stealing data and selling it back to the victimized company. This puts businesses and institutions in no-win situations. They can refuse to pay and try to use methods to protect themselves or they can pay and hope for the best.
Recently I spoke with Kevin Stokes, Chief Information Officer for the Town of Brookline, on what Brookline residents and businesses can do to protect themselves from cyber threats. Kevin’s department is tasked with keeping Brookline.gov and the Town’s other online assets safe from hackers. Brookline’s IT department works closely with the Boston Regional Intelligence Center, or BRIC. BRIC is part of the Bureau of Intelligence and Analysis, which is a division of Homeland Security and Emergency Services. Its task is to manage the overarching process of coordinating the flow of information across all bureaus of the department and across all levels and sectors of government and private industry.
Protecting Town assets from the threat of cyber attack is an important and ever-changing responsibility. All organizations must understand the threat and the current landscape, to follow best practices with respect to Internet security and be vigilant. Keeping this in mind, the first thing to acknowledge about cybersecurity is that the notion of true Internet “security” does not exist. When asked about protecting Town assets Stokes replied, “The Town works closely with our vendors and third parties to ensure our information is protected to the highest extent possible.” Note the term “highest extent possible”. Stokes continued, “In our current environment, we all need to minimize our risks, work with our partners and educate our employees. Even with all the prudent safeguards in place, the recognition should be that nothing is foolproof”.
We then asked Kevin Stokes the obvious question: why isn’t the Internet safe? According to Stokes: “Keep in mind this all started because originally the web wasn’t built for ecommerce. Tech progressed faster than reality. So before safeguards could be put in, the web had become the Wild West. In the case of e-commerce, the convenience and potential online business trumped security early on. And in the end, we are still paying catch-up”
So given this reality what can we do as individuals and small businesses to reduce our exposure to Internet fraud?
Stokes, “As an individual, protecting against identity theft means limiting your data footprint, using strong and diverse passwords and using anti-virus and anti-malware software on your computers and digital devices.”
How are small businesses at risk?
Stokes, “The biggest cyber threat for most businesses is their own employees. They have access to company data and assets, and have potential to unwittingly expose their company to scams and breaches.”
I asked Kevin about the biggest cause of cyber attacks on individuals and businesses, Social Engineering. Social Engineering is a non-technical method of intrusion hackers’ use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.’
What can we do on a regular basis to minimize our risks?
Stokes, “It’s important to learn how to protect yourself, what tactics are used to obtain your information and understand things like sharing passwords, using open WIFI networks you find in public places to make financial transactions, will add to your cyber exposure. It’s also important to separate personal email accounts from business accounts. Avoid pre-screen credit card offers and emails with coupon codes. For some specifics on what you can do to protect yourself, our website has recently been updated to help residents and local businesses.”
For more information on protecting personal assets, go to the Town’s cybersecurity page.
~ R. Harvey Bravman