Year after year, the global cost of cybercrime keeps rising. According to Cybersecurity Ventures, it will grow from USD 6 trillion today to USD 10 trillion by 2025. With that in mind, do you know how to reduce your chances of becoming the next cybercrime victim?
We had the pleasure of speaking with Scott E. Augenbaum, a retired FBI Supervisory Special Agent. As a 30-year FBI veteran, he witnessed over 1000 cybercrime incidents affecting small businesses and big enterprises, non-profits, and senior citizens. Scott is the author of The Secret to Cybersecurity and the creator of the Cybersecurity Mindset Academy. He has appeared on major cable network news shows and local television shows as a Special Contributor on cybercrime. He has also had the chance to speak to millions of viewers on the Dr. Phil Show, BBC, Fox News, Bloomberg and LinkedIn News.
Scott’s goal is to minimize future crime victimization by changing people’s mindset through his methodology. What exactly is his secret to preventing cyber incidents? Let’s dive further into his lessons.
Are you prepared or are you the next cybercrime victim?
During my decades with the FBI, I witnessed first-hand devastation to people who spent their lives building a business, only to see it partially or completely destroyed by cybercriminals. The fact is that in today’s digital age, simply clicking on a link in an email can allow the bad actors to damage a business with malware. They can steal data and money, impact a corporate network and ask for significant ransom. I saw the same story over and over again: I would meet a victim whose life was ruined. So, while interviewing cybercrime victims, I discovered some commonalities, which I call “The Four Truths About Cybersecurity”.
- Truth one – Not a single victim ever expects to be a victim. Hence, every victim is caught off guard.
- Truth two – Once the cybercriminals steal our money or data, it is almost impossible to retrieve it.
- Truth three – Most of the cybercriminals are located outside the United States. Therefore, it is harder for law enforcement to bring them to justice than it is to get your money or data back.
- Truth four – Most of the cybercrime incidents could have been prevented if the victims were armed with a couple of key pieces of information.
Once I realized Truth four, it became my mission to share these steps with anyone who would listen. I decided to retire from the FBI the day I was eligible, to pursue my passion project: protecting everyone from cybercriminals.
“I dedicated my career to keeping people safe. Some might call it an obsession, but it became my passion when I worked for the FBI.”
The Cybersecure Mindset Framework
While at the FBI, I researched and analyzed the root causes of cybercrime victimization. My goal was to make individuals and companies aware of the truths about cybersecurity. So, I created the Cybersecure Mindset Framework.
To keep one’s money and data safe and to prevent cyber incidents, one should focus on the following steps and understand the strategies behind them.
1. Understanding the scope of the cybercrime problem
The cybercrime problem continues to grow. But we keep spending more money on products and/or services, hoping they will keep us safe. However, while having these products and services in place is important, it is not enough. Embracing a cybersecure mindset can reduce the chances of many attacks.
2. Understanding the Four Truths of cybersecurity
If I learned anything from my FBI experience, it is that the chance of law enforcement ‘saving the day’ is practically zero. Yet, that does not mean that people should give up hope. In my opinion, the majority of cybercrime could have been prevented if the victims had knowledge of a few simple controls.
3. Phishing, text messages and telephone calls are the weapons of choice for cybercrime criminals
For the past twenty years, hackers have been using social engineering techniques to trick end users into turning over their account credentials and installing malware. This resulted in money or data being stolen and then maliciously used. When we receive an email, text message or telephone call from someone we know and trust, that message likely passes through our spam filter and email protection. Nevertheless, we need to think twice before we click and act. The first line of defense is becoming our own human firewall.
4. The dark web and password reuse are a cybercriminal’s best friend & lead to a majority of cybercrime victimizations
The dark web is a place where cybercriminals buy and sell billions of usernames and passwords. These passwords were obtained through major data breaches. In addition, hackers count on the fact that 66% of the population uses the same username and passwords on multiple sites.
5. Identifying the mission-critical accounts
Imagine a cybercriminal who finds one of our passwords on the dark web. That one password can enable a cybercriminal to log into our financial, work or cloud accounts. Now is the time to identify those accounts important to us (Google account, bank account, work account etc.) that we need to protect.
6. Creating and remembering strong passwords
Once we identify the mission-critical accounts, we need to make sure we have a strong, robust, DISTINCT password for each one. A good password should be twelve or more characters. I use special symbols, numbers, upper- and lower-case letters and no dictionary words. Using passphrases to remember the complex passwords is also something to consider. For instance, a passphrase such as “I can never forget my social media password” can become the following password: #041cnfmysMP40#.
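The rules from steps 5 and 6 can be checked mechanically. The following is an added example, not part of the interview or of Scott's framework: a small audit of a set of mission-critical accounts for length, character classes, dictionary words (after undoing common character substitutions) and reuse between accounts. The account names, the word list, the substitution table and every password except the one quoted above are constructed for illustration.

```python
import string

# Constructed word list for illustration; a real audit would load a large dictionary.
WORDS = {"password", "summer", "welcome", "dragon", "letmein", "social", "media"}
# Common character substitutions, undone before the dictionary check (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})
MIN_LENGTH = 12  # "twelve or more characters"
CLASSES = {"lower-case letter": string.ascii_lowercase, "upper-case letter": string.ascii_uppercase,
           "number": string.digits, "special symbol": string.punctuation}

def password_issues(password):
    """Return the rules from the text that this single password breaks."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("shorter than 12 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            issues.append("no " + name)
    normalized = password.lower().translate(LEET)
    for word in sorted(WORDS):
        if word in normalized:
            issues.append("contains dictionary word '" + word + "'")
    return issues

def audit(accounts):
    """Check every account's password and flag passwords shared between accounts."""
    users = {}
    for account, password in accounts.items():
        users.setdefault(password, []).append(account)
    report = {}
    for account, password in accounts.items():
        issues = password_issues(password)
        others = [a for a in users[password] if a != account]
        if others:
            issues.append("reused on: " + ", ".join(sorted(others)))
        report[account] = issues
    return report

# Constructed sample data: hypothetical mission-critical accounts.
SAMPLE = {
    "bank": "#041cnfmysMP40#",   # the passphrase-derived example from the text
    "email": "P@ssw0rd2024!!",   # long and mixed, but a dictionary word in disguise
    "work": "Summer2023",
    "cloud": "Summer2023",       # same password as "work"
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, "->", issues or "ok")
```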
7. Making two-factor authentication (2FA) our best friend
Cybercriminals can still get access to passwords, even though the accounts have strong, robust passwords. That’s why two-factor authentication (2FA) was created. Think of it as a second lock/deadbolt on our front door. The password is the first key for entry, but we would need a special six-digit code to gain complete access. The code is obtained from an authenticator app or directly from the website host via text message.
8. Understanding and preventing the Business Email Compromise
People – most likely our friends and relatives – can become subject to account takeovers. And then bad actors can send malicious emails on our friends’ behalf. The Business Email Compromise is a scam where hackers take advantage of unsecured emails. This is one of the greatest financial frauds today. It tricks end users into sending money or sensitive information to cybercriminals, as the victim believes the email comes from a trusted source.
9. Ransomware: Be prepared or consequences will follow
What would happen if we found out a cybercriminal locked up all our important files and we couldn’t get them back unless we paid a ransom? If we don’t have a workable backup, can our day get any worse? Yes, it can, because cybercriminals can also steal all our data.
10. Keeping our family safe
Every moment of the day the cybercriminals are targeting our family members. Today our children and elderly parents spend a majority of their time online and the cybercriminals know it. As technology advances, so do the techniques cybercriminals use to gain access to sensitive information. Therefore, we need to be aware of the different scams (e.g. phishing, vishing, account takeover etc.) targeting our family.
I cannot express enough how upsetting it was to see cybercriminals affecting people’s lives. Having said that, remember: to prevent incidents, we need a CyberSecure Mindset. But a Mindset comes from practice. Visit https://www.cybersecuremindset.com/ to learn more.