HCTF Seminar; right side of the room. Copyright © 2017, FPP, Inc. All rights reserved.

Digital Security Awareness Briefing

The Southern Oregon High-Tech Crimes Task Force (HCTF) teamed-up with the FBI’s Oregon Cyber Task Force (based in Portland) to present a Digital Security Awareness Briefing to local businessmen. The seminar was held at the Medford Police Department on Thursday afternoon, January 12, 2017.

HCTF Seminar; left side of the room.
HCTF Seminar; left side of the room. Copyright © 2017, FPP, Inc. All rights reserved.

The seminar touched upon the background and operational scope of the various entities involved in the detection, response and prevention of cyber crime. Threats include:

  • Ransomware
  • Point-Of-Sale (POS) Malware
  • Denial of Service (DoS) Extortion
  • Email Compromise
  • Insider Threats

The fact that the threats seem to be primarily targeting small and medium-sized businesses is significant because smaller businesses may not have the resources—or the diverse technical knowledge—to prevent these crimes.

The FBI graciously provided a copy of their presentation, in .pdf format, so that interested business owners can download and review the information.

Business owners with limited resources might want to consider a fairly simple, easily-implemented process of daily system backups stored at a location away from—and not connected to—the physical location of the primary business computer system. Possibly a daily backup, followed by weekly and then monthly saves that are cycled at those intervals; save 7 dailies, then save the weekly (maybe on a Friday) until the next end of week, then save the last backup of a month until the end of the next month. While this system seems tedious, the business owner might want to weigh the time and effort involved in a backup process against the time and effort of dealing with Ransomware and/or the complete shutdown of their business.

POS Malware touches on the fact that, while transaction data is encrypted in storage and transit, it is clear text at the time of the actual transaction. Prevention includes training employees, understanding how your system works, and considering data loss prevention solutions.

We’ve all heard about DoS Extortion schemes and, thanks to the Internet of Things (IoT) expanding the available endpoints, this type of attack becomes more challenging to fight. Logging the details is an essential part of an overall preparedness and reporting plan for all small businesses.

The latest flavor of attack comes in the form of a Business Email Compromise (BEC) that targets a company’s top executives, usually when they are on vacation and are not readily-available to manage such a threat.

Finally, the most difficult-to-detect threat is the insider; someone who appears to be trustworthy but is either a nefarious actor or becomes compromised.

All of these threats are real, and a preparedness plan is an essential part of running even a small business these days. For more detailed information, including a sample action plan, you are invited to download the presentation slide deck.

Thanks to FBI Special Agent Miles Wiltrout and the folks who traveled from Portland to provide this important information for local businessmen!

Author: Karen
Written: 1/15/17
Published: 2/1/17 (after waiting for .pdf files to be sent)
Copyright © 2017, FPP, Inc. All rights reserved.

 

Links:

Notification re: Business Email Compromise (BEC)

Best Practices for Victim Response and Reporting of Cyber Incidents

Cyber Resources Sample List

Digital Security Brief Slide Deck

Ransomware Resources

Small Business Cyber Security Flyer