With October being Cyber Security Awareness Month, the Park Hills-Leadington Chamber of Commerce’s Tuesday investor meeting including a presentation from Theresa Frommel from the Missouri Office of Cyber Security.
Frommel is a lead analyst from the Missouri Office of Cyber Security and has been in the cyber security field for 15 years. She said three teams in the office, totaling 18 people, provide tech support to the more than 40,000 state employees in various agencies.
“My goal today is to quickly go over some basic threats and some basic things you guys can do to fight them,” Frommel said.
She first defined and explained the idea of “malware,” or any malicious software designed to infect a machine or network.
“The intent is always to gain access to something,” she said. “Whether it’s your information to extort money from you or to do a lot of damage to your systems.
“In the early days of the internet, you only got infected if you went to an unsavory site. That is not true anymore. It’s everybody. You guys’ websites are up for grabs if you don’t have someone who is very knowledgeable keeping them up to date.”
Frommel warned the chamber members about searching for free media on the internet because the results can often lead to infection. She said people often receive malware while attempting to locate free music or free television shows, for example.
Next, Frommel gave the example of a recent email scam that was only barely recognized. A state agency employee received an email, seemingly from the head of the agency, requesting tax information and Social Security numbers for employees. The message was recognized as a scam when an incorrect URL was spotted, as well as the use of the alleged sender’s full name rather than nickname.
She also warned about potential scams in the guise of technical support. She said this can come in the form of a pop-up alerting a user to a nonexistent infection or even a phone call from a scammer, informing the recipient of an infection and requesting they download a file to fix the issue.
The importance of hiring knowledgeable tech staff was stressed, as well as making sure contracts with technical staff include agreements to keep software up to date.
“Make sure whoever’s handling you information is backing it up,” Frommel said. “And then after they back it up, make sure they check it and make sure the backups work. There’s nothing worse than having a year of backups and popping them in and finding out your data’s corrupt.”
She said it’s particularly important to back up files due to the rise of "ransomware," which involves someone gaining access to your files and holding them for ransom.
“It says, ‘You’re going to pay me this much money if you want to see your files again,’” she said. “And they mean it. By the time you get that message they’re already encrypting every file on your hard drive.
“If you don’t have good backups, your option is to lose your data or give the bad guys your credit card number.”
She said ransomware has grown to such a magnitude that the perpetrators will actually provide the victim with a technical support number to call if they have difficulty processing the payment and retrieving their files.
Frommel said it can cost the average business owner a lot of money to adequately protect their systems, but added that there are a lot of free resources to aid in the process.
“It’s our goal to partner with as many organizations as we can,” she said. “We want to keep everybody safe. The more outreach we have in the State of Missouri and the more we can help you, the better we can protect all of our citizens, and that’s our end goal.”
For more information about the Missouri Office of Cyber Security, visit cybersecurity.mo.gov.