Caffeinated Conversations: Cybersecurity TIps
Staying safe online with FBI Agent Drew Grafton
Tuesday, October 9, 2018 2:00 pm
Some of the best steps to protect yourself and your business online are the easiest, meaning we sometimes take them for granted.
FBI Agent Drew Grafton shared some cybersecurity tips at September’s Spartanburg Area Chamber of Commerce Caffeinated Conversations. Grafton, who has been with the FBI for 15 years, investigates computer intrusions and hacking cases, like data breaches that affected Target, Sony, and numerous other companies during that time.
Grafton said many people trust apps and websites with personal information a little too liberally. Typing an uber-detailed password may seem like a hassle, but it’s much less painful than dealing with malware or someone getting your online information.
One of the simplest pieces of advice Grafton gave was to pay attention.
Some of the most-commonly reported email schemes involve an email address that’s made to look like the legitimate version it spoofs. Scammers will often add or misplace a letter so at first glance, the email address looks legit, even if it isn’t. Those spoofed emails can then be used to install harmful programs or encourage what end up being fraudulent transactions.
“They’ll say something like, “I’m a CEO in the U.K., and I missed a deadline to send this, so I need you to send this today or you’ll get penalized,” he said.
Read Everything (Even the Long Stuff)
Another way to keep your business safe online: know what apps install have access to.
“When you do download an app, pay attention to what it’s asking you to have access to. If you’re downloading a flashlight app, there’s no reason for it to ask you to have access to your contacts list, your messages, your telephone calls, but it does,” he said.
Many apps ask for access to information that’s unrelated to why you’re downloading them. Understanding a gaming app doesn't need access to your email address or place of work is an easy way to avoid harm online.
What They Don’t Know Won’t Hurt Them
Nothing says everything you put on Facebook or Twitter has to be totally accurate.
Grafton said a quick step to keeping your privacy in tact can be keeping your private information off social media or adjusting your settings so only your friends can see legitimate information about you. Even the emails you submit to social media sites don’t have to be the email you check daily, he said.
Two Factors are Better Than One
Two-factor identification may mean a couple more seconds between you and that email or Facebook notification, but it can go a long way to keeping your business' information safe.
“Be careful what you put on your social media sites. That’s where a lot of this information is getting scraped from,” he said. “A lot of the social engineering of a telephone call that says, ‘I know who you are, I know who your child is,’ it comes from that. You may think it’s the truth, but it’s likely they just went to your social media.”
Simple verifications go a long way, too. Grafton said people will often take an email at its word, so if a message that looks like it’s legitimate comes requesting money, some people will send the money without a second thought.
Don’t do that, at least not without checking all your bases first, Grafton said.
“Any time you’re ever dealing with financial information, have two-factor authentication. If you see something from the CFO, call the CFO,” Grafton said.