PAC Lunch: “Demystifying Cyber Crime – How Does it Affect You?”

On August 14, the Poinciana Area Council hosted one of their popular PAC Luncheons at Merrill Gardens at Solivita Marketplace.  The topic of the day was cybercrime.  First, James Froelich with the Osceola County Sheriff’s Office mentioned a few cyber scams the Sheriff’s Department has noticed recently.  These include false bill-collections, or other phone calls where a scammer tries to quickly gain money or compromising information from the contactee. 

The main speaker was Rebecca Ledingham, Vice President for Cyber and Intelligence Solutions at Mastercard relating to customer cyber security awareness and protection.  Prior to joining Mastercard, Rebecca was an agent with INTERPOL Global Complex for Innovation, where she was responsible for international collaboration and coordination around cyber investigations and all interactions and partnerships with international law enforcement, private sector organizations, and academic institutions.  In other words, she knows her stuff.

Rebecca’s number one word of advice was that we are all our own weakest links when it comes to cyber security.  Cybercrime is the product of human error – of the things we either do or don’t do.  Here is just a brief summary of ways businesses and individuals can protect and combat against cybercrime.

In Business

The four main methodologies by which you or your business may be hacked or compromised are:

1. Remote Desktop Protocol:  This is software that is used to link separate businesses remotely.  A username and password are used to log in.  For this type of software to be truly safe, two-factor authentication is needed.  This means a third, dynamic element is needed in addition to the username and password to be secure. 

• Phishing & Spam:  Phishing and spam are two different things.  Spam is not personal; phishing is.  Cyber criminals can buy “suckers lists” of stolen email addresses from the dark web and target specific institutions whose information appears on those lists.  This is spam, which makes up the majority of emails you receive daily.  Notable spam email includes scams targeting seniors and the infamous “Nigerian prince” emails.  Phishing, on the other hand, is personal to the recipient.  Phishers have done their research about their recipient and target them directly.  They may target an individual based on their industry or job description and perceived ability to leverage them for money.  They may monitor a target’s social media accounts to know when they are away and their company may be vulnerable.  This is called business email compromise and it is currently the number one cybercrime in the USA.

• Passwords:  Writing your passwords down in pen and ink is safer than saving them somewhere online, which is where cyber criminals will be looking for them.  It is a myth that changing your password regularly will help keep them secure.  In business, do not share passwords on an admin system.

• Patching:  Basically, always keep your software up to date.  All businesses use software to run their computers.  This includes the Microsoft office suite, and whatever industry-specific programs or software a business might run.  Cyber criminals can scan the internet for companies that are still running software with vulnerabilities that have been identified by Microsoft and Apple, so it is important to keep all software up-to-date as software providers identify issues and create fixes.

PCI DSS Rules

Years ago, Visa, American Express, and MasterCard got together and created a set of rules for merchants who want to accept their cards as tender.  These are called the PCI DSS Rules and they are some of the few global rules for cyber security.  They are the basic minimum standard that businesses, merchants, and banks must adhere to.  No business that is breached is compliant with these rules at the time of the breach.  It is critical that businesses, merchants, and banks adhere to these rules.  They are as follows:

1. Install and Maintain a Firewall
2. Do Not Use Vendor-Supplied Defaults
3. Protect Stored Cardholder Data
4. Encrypt Transmission of Cardholder Information
5. Use and Update Anti-Virus Software
6. Develop and Maintain Secure Systems and Applications
7. Restrict Access to Cardholder Data
8. Assign Unique IDs to All Users
9. Restrict Physical Access to Cardholder Data
10. Track and Monitor All Access to Cardholder Data
11. Test Security Systems and Processes
12. Write and Enforce a Security Policy

Some Basic Tips

• Use Apple Pay, Google Pay, or Android Pay when possible.  That is the safest way to pay.
• The safest credit card has both a chip and pin.
• Don’t click on advertising on websites.  They may not be legitimate ads. This is called “malvertising.”   Go to the original site if you wish to view the advertised product. 
• Don’t buy pre-paid gift cards if the silver foil is not intact.
• Switch your name and date of birth around on Ancestry DNA.
• Never pay ransom for stolen data.  You’re just supporting further crime.
• Don’t “cross-contaminate” your email.  Have separate email accounts for banking, shopping, friends & family, etc.
• Don’t access your personal accounts, including email, on free public wi-fi.

Fun, Interesting, or Downright Frightening Facts

• For every 12.5 million spam emails that a spammer sends out they need only one reply to make $7,000 in a day.  
• The Dark Web was originally created by the Pentagon in 1969 to facilitate dissidents in Iran and Iraq that were unable to communicate with the outside world.
• The Dark Web is not accessible by Google.  It has its own browser.
• In Russia, it is only illegal to hack Russian companies.  There are no repercussions for hacking American sites.
• Children are 35 times more likely to have their identity compromised than an adult.
• 15% of money made by cyber criminals goes toward diapers, food, and groceries, while 20% goes toward prostitutes and drugs.  30% goes toward further crime including human trafficking, drug trafficking, and continued cybercrime.
• You are more likely to be targeted if you have a Facebook account.
• 62% of gas stations in Florida are estimated to have skimming devices on them at any given time according to the Secret Service.

The Poinciana Area Council would love to thank Merrill Gardens at Solivita Marketplace for their hospitality and support, and the Osceola County Sheriff’s Office for their participation.  To find out what PAC is planning next, follow them on Facebook.