Computer hackers have developed numerous ways to steal sensitive information or hold it hostage, and their interactions with potential victims through email, telephone and even in person have become increasingly effective tools for their crimes.
Cybersecurity experts detailed those schemes in a conference last week in Carroll that was sponsored by Western Iowa Networks and its partners and was attended by dozens of local business and government officials.
“Some of these attacks are so severe they can literally shut down businesses,” said Jeff Roiland, the chief executive of Western Iowa Networks, which is a primary provider of high-speed internet in Carroll County and offers computer services to businesses.
The conference coincided with a rise in so-called ransomware attacks in recent years that have increasingly targeted small businesses that often are ill-prepared to fend off the attacks.
Such attacks typically are launched through email. Hackers trick someone into clicking on a link that infects their computer and can spread to other computers that are linked to it. The infectious software encrypts many of the computers’ files and requires a key to unlock them, and to obtain the key the victim business must often pay a ransom of tens of thousands of dollars.
“We make it easy (for hackers) by not upgrading our systems,” said Brandon Knutson, a data network specialist for South Dakota-based Vantage Point Solutions. “We can’t have this mindset that ‘it’s not going to happen to me.’ ”
Knutson’s company conducts cybersecurity checks of businesses, and one ploy they use to gain access to computer networks is to send someone into a business who claims to be there to clean the printers. (They’ve also had someone go into a business and use a restroom and stay in there until the employees leave for the day.)
Once inside, his security analysts can gain access to computers by plugging in a thumb drive for a minute or so, or simply by viewing a password written on a sticky note. Other times they call businesses seeking information from unwitting employees.
One employee gave detailed tax information over the phone, simply because someone asked for it.
“A lot of times we go along with these things because we don’t want to be rude — we don’t want to come off as a bad person,” Knutson said. “But you want to make sure there’s nothing funky going on.”
Here are some tips Knutson shared:
— Update computers regularly. Companies like Microsoft constantly are updating their operating systems to patch security risks that can be exploited by hackers.
— Choose unique passwords with numbers, letters and symbols and keep them secret. Change them periodically.
— Shred paperwork that contains sensitive information before discarding it.
— Don’t click on links in emails unless you are sure about their authenticity.
— Back up your data. It’s impossible to prevent all attacks.
— Invest in cybersecurity. Spending money up front can save headaches later.