Scott N. Schober @ScottBVS is a cyber security expert and the President and CEO of Berkeley Varitronics Systems (BVS), a 47-year-old New Jersey-based company and leading provider of advanced, world-class wireless test and security solutions. Scott is a highly sought-after author and expert for live security events, media appearances and commentary on the topics of ransomware, wireless threats, drone surveillance and hacking, cybersecurity for consumers and small business. For more information www.ScottSchober.com
SmallBizLady: How can we avoid becoming a ransomware statistic?
Scott N. Schober: 71 percent of ransomware attacks targeted small businesses in 2018 and forced 1 in 5 businesses to shut down entirely. Small business owners need to educate their employees on the dangers of phishing attacks and clicking on attachments. It is essential that every business has a routine of backing up their computers, so they have a plan b if they are victims of ransomware.
SmallBizLady: Why are brute force attacks by hackers so effective?Scott N. Schober: Hackers employ many techniques to attack their victims, but brute force attacks are among the most common because they are automated and effective. Brute force attacks rely primarily on weak passwords and as we know, many people re-use weak passwords across many services and websites making them easy for most PCs to guess. Imagine a safecracker trying every combination of numbers. It would take years. Now imagine a digital safecracker capable of trying thousands of combinations per second. That is essentially what a computer does when it performs a brute force attack. Your phone’s 4-digit code takes only minutes to guess. Six digits takes hours, 8-digits takes a month and 10-digits take over a hundred months to crack. Now if you add a few more digits including some special characters, it will take decades for the most powerful computer to hack.
SmallBizLady: Is my smartphone spying on me?
Scott N. Schober: Allegations of spying PCs and smartphones have been around for a while now but we’ve only recently seen these threats weaponized by mega-corporations, artificial intelligence, mass data collection, and even state-sponsored attacks – and these are the ones we know about! Right now, your smartphone, computer or even smart TV most likely contains some breed of spyware or adware on it. Should you put your trust in the brand, the country of origin, the operating system or is there something else that will help you decide the best way to keep your data private and secure? Make sure you affix a camera cover on your PC, mobile device cameras when not in use. Be cautious as to what devices you plug into the internet that can spy on you (i.e. Alexa, Google Home, etc.)
SmallBizLady: Is Social Engineering our greatest weakness?
Scott N. Schober: All digital attacks and hackers prey upon one common weakness. This same weakness is shared by all of us, even cybersecurity experts. When you break it down, social engineering is nothing more than one person fooling another person into revealing something they shouldn’t. It could be something as innocuous as a birthdate or obvious as a password. It’s no wonder that infamous hackers like Kevin Mitnick started out as magicians whose sole job is to misdirect the audience. They compel you to look over there while they set up for their next amazing feat over here. Fellow magicians might be able to spot the misdirection because they know that same trick or have watched it enough times to catch the duplicity. Similarly, cybersecurity is not infallible but they have seen many damaging hacks that all started from a simple, socially-engineered attack.
SmallBizLady: Should I get cyber insurance?
Scott N. Schober: According to a 2016 study on the cost of data breaches, nearly 63% of all small businesses became targets of breaches or have incurred a loss of data. And more than half of those small businesses attacked also close within a few months. Larger corporations can withstand some heavy losses and have staying capacity, whereas smaller businesses do not have the reserves and are the first ones to go under. I’ve spoken to thousands of individuals both at live events and one on one about cyber insurance and am still amazed at how little is understood by small business owners and employees about cyber insurance protections and policies. If you’re worried about cyber-attacks on your small business you should make sure you have taken a serious look at cyber insurance.
SmallBizLady: How can we protect our online privacy?
Scott N. Schober: How much do you value your online privacy? Do you value it enough to use a VPN (Virtual Private Network)? It’s a simple service used to disguise my business’s IP address and location from advertisers, hackers and even spying governments. All small business owners should get a VPN to keep their data private. I do not recommend FREE VPN’s, as often they sell your search results.
SmallBizLady: I’ve read that you suggest doing spring cleaning on mobile devices? How do we do this?
Scott N. Schober: I recommend a digital spring cleaning every so often to purge yourself of unwanted spam, malware, spyware, adware and even ransomware. Digital spring cleaning has real security and privacy benefits that follow us all the way from our personal devices to our devices and computers at work. Take a moment to look at your smartphone and ask yourself when is the last time you used that APP or played that game? If it has been awhile I recommend deleting it. Are you aware of what you have opted into when you agreed to download that app start reading (The Terms & Conditions.)
SmallBizLady: Why are Robocalls are out of control?
Scott N. Schober: I think it’s safe to say that robocalls have reached epidemic proportions here in the U.S., but it doesn’t have to cripple your lifestyle. Our faith in big tech, wireless carriers, and legislators to solve the problem might have dwindled but you can take steps yourself to minimize or even remove robocalls completely from your life. In the same way that you have managed to wrestle back control of your inbox from spammers, you can stop annoying robocalls. Way back in 2014, it was estimated that robocalls wasted nearly 20 million hours and cost small businesses in the U.S. $475 million annually. So, you can imagine how much that number has grown over the past few years. Finally, the wireless carriers and FCC & FTC are working together to stop robocalling. The best advice I have is to let your calls go to voicemail.
SmallBizLady: Were we all victims when Yahoo had their data breach(es)?
Scott N. Schober: Are you still using that old Yahoo email address? Starting back in 2013 and then again in 2016 and then again in 2017, Yahoo amassed a breach totaling 3 billion users accounts the largest breach in Internet history. That’s the same number of people living in China, India and the United States combined. If you’re going to continue using a Yahoo email, you should at least inform yourself of the details of their multiple security compromises. Do you know what to do when you receive an email from Yahoo notifying you of a security breach or account issue? With all 3-billion accounts exposed on the dark web, you’re more likely to be receiving phishing emails from hackers than real ones from Yahoo. Keep in mind, when you use a free email provider you are trading that for security.
SmallBizLady: What should you do when your credit cards could have been compromised in a breach?
Scott N. Schober: If you travel a lot for a business like me, you understand how important it is to feel safe and secure in your temporary home away from home. So, when Marriott and Starwood hotels announced a massive breach back in 2018, I immediately took notice. I went back and traced every hotel stay of mine in any of their many chains. I noted the credit card I used when I checked in, ate at their restaurants or even used their minibar. Fortunately, none of my current cards were used to stay at any of their hotels in recent years but that doesn’t mean I’m in the clear. Have you taken the necessary precautions to make sure that hackers aren’t selling your data to others or just cloning your credit cards and going on a shopping spree?
SmallBizLady: How bad was the Equifax breach for all of us?
Scott N. Schober: Credit agencies provide a valuable service to consumers looking to finance a home, buy a car or get a loan. They hold all of their customers’ private data including social security numbers, credit statements, drivers’ licenses and more. So, what happens when 146 million customer records get exposed through poor security on the part of the oldest credit agency, Equifax? After they finally admit there was a security breach, Equifax offers free credit monitoring, but this is just the beginning in a series of security blunders and scams.
Equifax had implemented poor and insecure network design without proper segmentation. Databases should always be segmented from one another; otherwise, hackers have a single point of entry and can access all data. Further, Equifax inadequately encrypted the personal identifiable data. There was weak breach detection in place, but when the alarms sounded management ignored the warnings and delayed in making public announcements. The Equifax breach was an example for all companies as to what not to do when a data breach is discovered.
SmallBizLady: How can we be on alert for credit card skimmers especially on road trips?
Scott N. Schober: In 2018, nearly 1000 credit card skimmers were found at service station gas pumps in Florida alone. Can you spot them? Probably not since cyber thieves are installing them inside the gas pumps. You may wonder how in the world do they get inside the gas pumps? There are six universal locks and keys that anyone can buy for $15 on the dark web that help cyber-criminals place a skimmer discreetly inside a gas pump in under 30 seconds. And those point of sale card swipers is no safer either. Criminals continue to target any payment terminal that is not regularly inspected or easily visible to nearby clerks. I’ve attended and personally instructed skimmer task forces on the best methods to detect skimmers using advanced tools and techniques.
A few basic tips that prove helpful: Try not to buy gas from an unfamiliar gas station. If you have no choice and are on a business trip, then I recommend using the pumps that are closest to an attendant and in the view of security cameras as these are less likely to have skimmers placed. If anything looks suspicious with the pump, or the POS card reader then I recommend switch over to cash to be safe. I also recommend carefully monitoring your credit card statement for suspicious activity so you can report this immediately.
If you found this interview helpful, join us on Wednesdays 8-9 pm ET; follow @SmallBizChat on Twitter.
Here’s how to participate in #SmallBizChat: http://bit.ly/1hZeIlz
For more tips on how to start or grow your small business subscribe to Melinda Emerson’s blog http://www.succeedasyourownboss.com.