Federal Bureau of Investigation (FBI) Special Agent Jason Frankenberger encouraged the use of two-factor authentication and stronger passwords along with better employee education programs in Tuesday’s (Feb. 20) Cyber Security Symposium presented by the Fort Smith Regional Chamber of Commerce and Talk Business & Politics.
Addressing community business leaders and IT professionals from the Chamber’s Board Room on Garrison Avenue, Frankenberger shared insights from his experiences tracking cyber crimes and security threats in the Northwest Arkansas area.
Frankenberger graduated from the University of Arkansas with a computer engineering degree in 2003. He began with the FBI three years later and has worked in the Memphis, Dallas, and Fayetteville field offices.
While acknowledging two-factor authentication is not foolproof, enacting it “won’t cut out your problems 100 percent, but it probably will 99 percent of the time.” Frankenberger said that was because the process — which requires a user name and password as well as another factor the user usually has on them, such as a random numeric code sent to the user’s phone via text — embraces security protocols that go beyond the capabilities of the average hacker. That’s why companies like Facebook, Dropbox, and Google have embraced it, he said.
Aside from that, encouraging individuals to employ stronger passwords is a must. Frankenberger encouraged longer passwords that also utilize numbers and special characters, noting that the average five-character password can take hackers an average of 19 minutes to crack.
“If offering WiFi to customers and employees, this BYOD (bring your own device) environment is more like, ‘Bring Your Own Disaster.’ They can hook on to your company’s WiFi and create vulnerabilities. Just make sure that if you offer public WiFi, that network is segmented off from the rest of everything else you’re doing,” Frankenberger said, pointing out that Northwest Arkansas has moved to open WiFi in all parks.
“I can’t imagine what’s sitting on those networks,” he added.
Of the common threats that he has seen while working on cyber security, Frankenberger said clicking on email attachments or links from outside sources remains an issue, fueled along by the fact that many fraudulent emails can appear to be from reputable sources.
“We had one company that told us it was not abnormal to get invoices from a company, and they ended up with a ransomware infection when they clicked on the attachment, so be very very careful about that,” Frankenberger said, adding that another case involved a small municipality reaching out after a piece of ransomware had seized all their files.
“They called us on a Thursday, and the ransomware had been going through their network, and all of their HR files were encrypted. It’s a small city. People are not going to eat Friday night if they don’t get their paychecks. Luckily in that case, they were paying a backup service, so they were able to revert back to the previous day.”
Email appears to be a particularly vulnerable threat to cyber security in other ways as well, Frankenberger said, noting that scammers can figure out major company executives and compromise their email addresses to make requests for payment or wire transfers to other members within their organization, a scheme that defrauded one Northwest Arkansas company out of around $600,000.
The lesson: “Establish protocols within your bank or organization when doing wire transfers. Make sure requests are going out from the actual person and not someone appearing to be that person,” Frankenberger said, adding that an executive’s response to an employee asking for verification should not be, “Yes, I told you to do that,” but “Thank you for asking.”
Read more: https://talkbusiness.net/2018/02/fbi-agent-addresses-business-group-about-cyber-threats-protections/