The FBI says that there was a 10% increase in cybercrimes last year, with losses of over $12 billion.
The Ohio Department of Commerce wants to raise awareness on the importance of keeping your guard up while online.
Rob Rutkowski, deputy superintendent of the Ohio Department of Commerce’s Division of Financial Institutions, sat down with WYSO to give advice on staying safe from cybercriminals, which includes changing your password.
Rob Rutkowski: It's something that nobody likes to do. I don't like it, but it's something that you really need to do and you need to think about it like this - either you can use the fancy word password that has numbers and characters and using numbers instead of letters that are similar. And it is very long, 14-plus characters long. Or you can use a phrase. You can take four words that aren't related, say, “purple hippo bunny ears.” And that long list of words is just as effective as the multi-character password.
Most things, when you log in now, they want you to use different characters as opposed to just the alphabet. But I'm told that having a very long password that’s a phrase is just as effective, if not more effective, than the single word that has all the characters in.
Mike Frazier: But a lot of websites, they do require characters, numbers in upper and lower case. So any advice on how to keep that simple? Because a lot of people, like you mentioned, hate changing their password because then they forget because they have multiple passwords for multiple sites. So how can people make it easier for them?
Rutkowski: There's lots of schools of thought on this. And what a lot of people do is they have a password software. They have a piece of software that functions as the password generator or at least keeps track of them. And that's fine, except if somebody gets a hold of that, then your world has now become their world. So if you're going to use that, make sure that the device it's on, whether it's your phone or your computer is password protected. So that's one way.
"And even smart people fall victim to this stuff. So I would encourage your listeners, if you are a victim of this, report it."
Now, I'm not going to be critical of people that write down the passwords and then keep that list in a safe. If you write down the passwords on a sticky note and put it on your laptop monitor, that may not be a good idea. But if you secure the written passwords in a safe, I mean, that's fairly effective.
Frazier: What is the most common cybercrime?
Rutkowski: I would say probably phishing — getting you to click the link. That’s what these people are trying to do. The best thing to do is never click links, even if it’s from somebody you trust. You just go to the site itself directly. Don't take the shortcut and click the link.
Frazier: So you're saying if you get a text or an email from an organization that you're affiliated with, say, your bank, and it says there's a problem with your account. Or from PayPal or Amazon saying you're going to be invoiced unless you click here. The best thing to do is what? Go to the actual site itself and then what? Log into your account and check.
Rutkowski: Yes. Yes, exactly. That's exactly what you should do. And often you'll find that there's no problem at all. It's just that you got on someone's spam list for phishing and trying to get you to click a link.
And even smart people fall victim to this stuff. So I would encourage your listeners, if you are a victim of this report it. Some people don't report it because they're too embarrassed. But don't be embarrassed to go to the FTC website and report it.
Frazier: And their website is what?
Rutkowski: FTC.gov, the FTC, Federal Trade Commission. I think they're on the forefront of this. If you're victimized and you lose very large amounts of money, the FBI would also help. Local law enforcement is there and they're especially effective if it's somebody in the region. But if it's a roomful of people in North Korea doing it, then you will need heavier armor. It's like a game of Whack-A-Mole. There's always something new happening. So staying up on things, I think, is the best way to stay informed.
Frazier: Most people use Wi-Fi in their homes or apartments to go online. What should they do to secure themselves?
Rutkowski: So on the router, there's a login. And if you don't change the password on the router login - it's a generic one like “admin” or something like that, and you can just Google it. So if somebody saw your network and you didn't change that, they could just enter that and then they'd be in, they would be able to log into your router. They would be able to intercept that information. So that's one step is securing that password on the router. And you can do a whole bunch of things to secure your router. But I think that by setting that and making sure that it's not just unpassword protected, it's completely open. I think that those are two things to do.
