Chamber Learns Cybersecurity; Change $1PaSsWoRds# Often

COURT HOUSE – “The weakest link in cybersecurity is the individual,” said Detective Kyle MacDonald, Cape May County Prosecutor’s Office High Tech Crime Unit, to Cape May County Chamber of Commerce during its Nov. 15 meeting at Stone Harbor Golf Club. 
“Whether it’s the user forgetting to update their password, whether it’s the administrator forgetting to update security patches; the user is usually at fault for whatever may happen,” said MacDonald.
Use Complex Passwords
MacDonald suggested avoiding using simple passwords, like “password” or “12345,” as everyone knows them, including hackers.
“An eight-character password that’s all lower case that’s only letters can be guessed in less than a day by a computer,” said MacDonald.
Long, complex passwords are best, using a combination of letters (upper and lowercase), numbers, and special characters. The more complex it is, the longer it will take to guess, which will deter hackers.
“If you take that same eight-character password, and you make it very complex with special characters, capitals, lowercase (letters), it’s going to take a couple years to guess,” said MacDonald. “If someone was just testing your security, which is the majority of the problems out there, they’re going to give up after a couple days, and then move on to the next target.”
For those worried about forgetting long, complex passwords, MacDonald suggested taking multiple passwords and stringing them together to make one, long password.  
MacDonald recommended changing passwords every six months to maintain a high level of security.
Separate Work, Personal Devices
Many people use the same devices, i.e., computer, cellphone, etc., for work and personal activities, but should reconsider, according to MacDonald.
“When you start intermingling the use of personal information with business information, you have a greater risk of getting a malicious email, or visiting a website that you were trying to shop on that maybe was infected with a virus somehow.
“The more bleed over you have between personal and business, the higher risk it is going to be to your business.”
Invest in Security Cameras
The holidays are approaching, and with online shopping, thieves know that this is a good time of year to take packages that are sitting in front of homes and businesses, which is why MacDonald recommended investing in security cameras.
MacDonald said security cameras are “the unlying witness,” citing crash scenes as an example.
“We’ll talk to everyone we can talk to; both people involved in the car crash, every witness out there. Every person has a different story. You know what doesn’t have a different story, security footage.”
Security cameras help reduce crime, as well as help crime investigations be more successful, MacDonald added. 
Beware Email Probes
Vicki Clark, president, Cape May County Chamber of Commerce, asked if there was anything new that chamber members should be aware of in regards to cyber scams.
MacDonald said email probes are the big thing right now, “especially amongst banks, title companies, and real estate companies where someone does what’s called a ‘man in the middle’ attack.
“They’ll somehow figure out that two people are communicating and put themselves in between the two individuals,” making an email that looks very similar to the email being used between the two parties.
The person attacking the business might change a letter in the email address, but keep the same name, MacDonald said.
“(We) recently had this happen several times in the county where a title agency and a real estate office got duped… the biggest one (loss) we had was about $750,000.”
A lot of these end up going overseas, and about three-quarters of the time, it goes to Nigeria, MacDonald added.
“(We) go to a federal agency for help, go to the other countries for help. A lot of times $750,000, they’re not even interested in; they’re waiting for the millions of dollars. So, unfortunately, we don’t have a lot of recourse for that.”
This is where business owners and their employees need to be vigilant, MacDonald said. He recommended checking every email and, when it comes to transferring funds, to verify over the phone with someone using a phone number from a previous communication with that person, not the phone number listed in the email.
“These scams are getting very sophisticated,” said MacDonald. “You used to be able to rely on improper English in the wording of some things; (you) can’t really rely on that anymore.
“Is that a great indication? Absolutely. Is it the only indication? No. They have people that are several generations deep into doing these scams at this point.”
Research Applications
When asked what applications (apps) were available to store passwords in, MacDonald warned, “Anything electronic can be hacked.” He could not recommend any one particular app, but said most of them are fairly secure, and to be sure to research the app before installing it.
“Do your due diligence… the higher the encryption level, the better, the more positive reviews… do some research on it, Google the name of it to make sure it wasn’t involved in a data breach.”
Also, be sure to use the most complex password to get into the password app, MacDonald added.
Got Hacked?
Another chamber member asked “What do you do if you get hacked?” MacDonald said to first contact your IT (Information Technology) Department to try and get whatever is being hacked stopped. Then, contact local police immediately after that.
“From there, we do our investigation to try and find out where it came from, and I hate to burst everyone’s bubble, the ‘NCISs’ and ‘CSIs’ and ‘Law and Orders’ make it seem very grand that we can get every bad guy out there. Unfortunately, with cyber security, it’s not usually the case, but we’ll do our best to try and figure out ‘whodunnit’ and how we can remedy it,” said MacDonald.
Don’t Pay Ransom
When asked if ransomware was still an issue, MacDonald said that while it’s gone down slightly, it’s still a problem.
“We get them every day,” said MacDonald. “Unfortunately, people have information that they want to get back, so they give ransom, and there’s no guarantee that paying the ransom is going to get your data back, and there’s no guarantee that ransomware won’t come back at some point. So, we never recommend paying for it.”