Five steps to a cyber-secure Virginia

Published 9:40 pm Wednesday, August 10, 2016

By Scott Phillpott

All Virginians feel the consequences of cyber-terror, cyber-crime and cyber-bullying. A vast informational chasm exists between those with a strong technical background and the rest of us, who simply want our information and intellectual property secure.

Here are some tips that we can all use to make the Commonwealth of Virginia more cyber-secure.

  • Demand Secure Socket Layer (SSL) on all websites in the commonwealth. There is no sound reason that any web page should not have SSL installed. For those hosting websites, visit Let’s Encrypt. Let’s Encrypt is a free, automated, and open-certificate authority brought to you by the nonprofit Internet Security Research Group.

Email newsletter signup

When visiting websites (in particular our government sites), we need to demand that they all be equipped with SSL. Look for the “s” in https at the beginning of the URL.

  • Use Virtual Private Networks for all devices. An inexpensive way to get VPN protections is to use the subscription server Private Internet Access (PIA). The sign-up and install process is made simple by PIA, and you can use a gift card to pay for the service so that there is no need to give anyone your credit card information. Once installed, you can run it on multiple devices such as smartphones, laptops and other computers.
  •  Passwords are a pain. To combat this, use pass-phrases. Select a phrase you can remember and modify it for different websites. If you have three bank accounts and a Facebook account, you want to have a strong, unique and easy to remember password for each. Use a phrase, an extension and a number. Start with a phrase, such as: “Always remember: you’re unique, just like everyone else.” Use the first letters and special punctuation to make a very strong password. With this method, the password for Bank 1 could be “Ar:yu,jleeB1,” while Bank 2 could be similar (but not exactly the same) “Ar:yu,jleeB2.” If you change them annually (which is the minimum frequency recommended), you can add the year “Ar:yu,jleeFB16.”
  • Be aware of potential scams that can come from any source. If an incident happens at work, know how to report them immediately. At home, do not respond to anyone who calls to try and fix your computer remotely.

This is known as the “Microsoft technical services scam,” and scammers call people to warn them of suspicious activity on their computer, only to trick them into providing access to the computer. Simply hang up and walk away.

There are organized gangs of criminals who do this all day and then sell the hacked systems to the highest bidder on the black market. The elderly are particularly vulnerable to these attacks, and since many have substantial savings, giving criminals access to the computer can be very expensive.

  1. Finally, if you are a victim, know how to report it. The FBI has established the Internet Crime Complaint Center (IC3) as the web portal to report cybercrime. The IC3 accepts online Internet crime complaints from the victim or a third party. Report as much detail as you can, but just be sure to report it. It should be a goal for the commonwealth to be No. 1 in reporting cybercrime to the proper authorities.

Current reporting levels are dismal, most likely because people just don’t know how to report the crime.

To learn more about how to protect yourself and your business, join us Oct. 5-6 at the Virginia Beach Convention Center as we host the Virginia Cyber Convention & Expo. Register at www.cprcv.org.

Scott Phillpott is 26-year veteran and former Navy captain. He is also a senior cyber/maritime analyst at Valkyrie Enterprises and volunteers as executive director for the nonprofit Cyber Protection Resources.