Local businesses learn how to counter cybercrime

March 23rd, 2017

SALT LAKE CITY — It may come as a surprise that a former top administrator from the Department of Homeland Security, the 240,000-employee agency tasked with keeping the country safe from outside threats, said the biggest cyberthreat to U.S. businesses is likely not from some intricate plotting by a rogue nation-state intent on toppling the largest economy in the world.

It’s email.

“One might expect me to answer that the very complicated threat from abroad is the greatest danger,” said Alejandro Mayorkas, former deputy secretary at DHS. “But in fact, that’s not necessarily the case.

“It’s the simple stuff.”

Mayorkas, now a partner specializing in cybersecurity issues at the law firm WilmerHale, said the most common point of entry for digital criminals who target businesses is via the company email system.

“It’s the unknown email that asks one to click on the site that one cannot verify the authenticity of,” said Mayorkas. “And it’s the individual inside a business that clicks on that site and all of a sudden let’s the bad actor in.”

About 275 attendees at the U.S. Chamber of Commerce’s 2017 Cybersecurity Conference in Salt Lake City on Thursday also learned from Mayorkas and others that some of the most effective strategies to keep those “bad actors” out of their systems are just as simple as the scams run by internet criminals.

“Most importantly, don’t click on a site with which one is not familiar,” Mayorkas said. “Check first with an information security officer, check with a peer, check with an outside entity.”

While the simplest steps to avoid becoming a victim of a cyberattack follow a path of common sense practices, due caution is still not being widely embraced by computer users. According to the Federal Bureau of Investigation’s 2015 Internet Crime Report, businesses and individuals lost over $1 trillion that year (the latest for which data is available) and the agency received almost 290,000 complaints related to cybercrimes. The U.S. Chamber of Commerce estimates that 25 percent of users who receive a phishing email open it and 10 percent click on the malicious link or download a malicious attachment.

Jessica Farnsworth, commander of the Utah Attorney General’s Internet Crimes Against Children Task Force, explained that cybercriminals have become very good at laying the groundwork for gaining illicit access to business data.

“Offenders will do a lot of research online,” Farnsworth said. “Identifying employees that may be working there and doing searches on those employees.”

“Then,” she said, “they will usually send an email or make a phone call pretending to be a CEO or business partner.”

What comes next depends on what the intruders are after. Personal information from customer or transaction lists can be used for identity theft. Groups intent on making a political statement may be looking to disrupt access to a particular company’s website. And, in an increasingly common ploy, criminals may be looking to lock up a business’s access to its own data and charge a fee to unlock it in a so-called ransomware attack. Tammy Georgelas, of counsel with the Salt Lake law firm Parsons, Behle and Latimer, told conference attendees that the best way to deal with a ransomware attack is to ignore it, sort of.

“The best response is not caring that your information is being locked down,” said Georgelas. “Because, you have robust backup not connected to your network.”

The U.S. is far and away the most popular target of internet criminals when viewed from a global perspective. Over 80 percent of all reported cybercrime occurred in the country with the next closest, the United Kingdom, hosting only 2.47 percent of victims. Utah ranked 31st in the U.S. for number of reported cybercrime incidents with 1,947 and 31st in losses, with just over $6.5 million. Those rankings are about where the state is at in terms of national population rankings, as well.

The expert panelists and speakers were united in their advice to business owners and noted that best practices are equally effective and applicable to maintaining personal digital security.

• Always change a device’s initial default password and regularly update passwords on all devices. And, use strong passwords with a mix of letters, numbers and special characters.

• Stay current with program and application updates and patches. They frequently contain fixes to identified security glitches.

• Never open an email from an unknown source, never click on a link or open an attachment in an email from an unfamiliar source.

• Avoid use of public Wi-Fi systems.

There are also numerous, free and trustworthy guides for small and medium businesses to build more robust defenses from would-be cyberattackers. They include the Federal Trade Commission’s Start With Security Guide, the Department of Homeland Security’s C3 program and the National Institute of Standards and Technology’s cybersecurity framework.

The Salt Lake Chamber of Commerce, which hosted Thursday’s event, also offers resources for local business including a cybersecurity toolkit.

By Art Raymond, Deseret News
Published: March 23, 2017 6:40 p.m.
Updated: March 23, 2017 6:52 p.m.

Get Email Updates

  • Subscribe to get the latest UTC news.

Follow Us

Blog Favorites

Check out Silicon Slopes’ latest feature on our Hall of Fame Inductee, Amy Rees Anderson! 

Photo Courtesy of Deseret News   “On the evening of November 10, REES Capital Managing Partner Amy Rees Anderson will be inducted to the UTC Hall of Fame alongside Pluralsight CEO Aaron Skonnard and Overstock CEO Patrick Byrne. At age 17, Anderson arrived in Utah as a BYU freshman. Armed with her first checkbook, she quickly bounced enough […]

Silicon Slopes Feature – Microsoft CEO Satya Nadella Is Coming To Utah

We are excited to announce that today marks the first of UTC’s Silicon Slopes Feature Series, where Silicon Slopes will give an inside scoop on all things Hall of Fame!  Check out their post below! Every year, one world-renowned tech CEO is chosen to speak at the Utah Technology Council’s Hall of Fame Gala, a celebration […]

Honoring our 2017 Hall of Fame Inductees

We are excited to announce that we will induct three tech industry leaders into our Hall of Fame. Aaron Skonnard, Amy Rees Anderson and Patrick Byrne will be honored at the UTC Hall of Fame Celebration which will be held at the Salt Palace Convention Center in Salt Lake City on November 10, 2017. The […]