(lively music) - Welcome to "Forum 360".

I'm Mark Welfley.

Thank you for joining us for our global outlook with a local view.

"It won't happen to me."

For years, these were the words of typical consumers when they were asked about cyber crime.

However, the spate of recent high-profile data breaches and ransomware attacks have changed consumers' perceptions.

Today, public awareness about cyber attacks is very high.

More than three quarters of, in a recent survey, three quarters of individuals said that they were concerned about data privacy.

Some 63% of consumers were also worried about their data being stolen, according to a survey by Norton, an antivirus and online security company.

So what is the state of cyber crime today, and what can we do to detect and protect ourselves against it?

To answer these questions, I am joined today by Mike Hiland.

Mike is the Director of Information Technology at GPD Group, an Akron based architectural and engineering firm.

So, welcome, Mike.

- Thank you.

- Yeah.

Start by telling us how you got into information technology and technology in general?

- Well, it was, it's quite a while ago.

It was back in the early to mid-eighties.

I worked at a manufacturing firm, and we were introduced to the personal computer, to start learning what it could do in the manufacturing world.

I started working with the PC and then writing test programs, and it just grew from there.

And then opportunities presented themselves one after another, and here I am today.

- Do you feel a weight on your shoulder as a director of information technology for a large company?

- Yeah.

There's a fair amount of responsibility.

I mean, I'm looked at as the person to keep the company safe, but that's becoming more and more challenging, as it really becomes all of our responsibility to behave properly and make good decisions.

So it's, it's a challenging space, to be sure.

(chuckling) - So, cyber crime, the subject of today's conversation.

What, by definition, is cyber crime?

- Well, it's a combination of two words, right?

Cyber and crime.

So cyber really means anything that's computer or computer network, or internet based.

And then crime, we know what that is.

So cyber crime is gonna be any illegal activity that's conducted using computers or networks, or the internet, anything like that.

Anything that's connected.

Our connected devices are all targets for cyber crime.

- Why is cyber crime such big business?

- It's big money.

It's all about money.

It's a multi-trillion dollar industry around the world.

I was reading a study today that the United States is, pays twice as much in ransoms and, you know, fees to get their information back.

So it's just, it's just all about money.

There's a little bit that is about politics.

Little bit; it's probably a lot, but the majority of what we see going on is about money.

- So I understand cyber crime and big business, as in big businesses which have big money.

But I'm just a guy with a couple of computers in my house.

Like, what do cyber criminals want with me?

And why are they after me, or you, or, you know, my neighbor?

- Yeah, it's a bit baffling, 'cause you wouldn't, you wouldn't think you're a target.

But you do have money.

You have bank accounts and you have credit cards, and you have an identity, and all of those are interesting to the cyber criminals.

They, you know, money is... Robbery.

They just wanna take your money.

Credit cards, fraudulent use of credit cards, right?

Somebody using your credit card that you have not authorized.

If they can get that information, they'll go shopping as quickly as they can and get as much as they can.

The other aspect is your identity.

I mean, several, several years ago, my father's identity was used as a part of a plan to purchase an apartment building on the east coast.

He lived in California.

He didn't know, but his social security number had been compromised, and a crime ring had put together a proposal to purchase an apartment building.

And he got a call from a police officer on the east coast, telling him what was going on.

So, you know, he had good credit, so he was used as, as part of that effort.

He didn't have anything to do with it.

- How do situations, like that with your father, how do they resolve generally?

(both laughing) Or do we not have enough time?

- Well, after the initial reaction, which can be quite frustrating, he had to change his social security number, he had to change all of his bank accounts.

He had to put secret passwords on all of his accounts.

So if he called the bank to do something, they asked for the password, things like... And this was in the nineties, so it was 20-some odd years ago.

It's a little different now, but it it was a lot.

It takes a lot to go through the exercise of changing all of that information.

If you've ever had your... You know, my daughter had her car broken into and her wallet stolen.

Changing all her bank cards and all the information, it's just painful.

- Yeah.

- Yeah.

- Yeah.

So most, so I can, I can make a case.

Here, you make a case for big businesses have the money.

Can you make a case that one of the reasons why cyber criminals target everyday people is because perhaps we're less knowledgeable, less educated, kinda less suspecting of what might happen to us, therefore we make easier targets?

- Yep.

I think that's exactly the case, you know.

You don't want to generalize, but most people are not technology-savvy.

You know, you and I work in technology fields; we deal with it all the time.

Most people do not.

You know, and I think it's also somewhat generational.

You know, people who might be over 60 years old maybe never had to use a computer in their work life, and it was never an issue, they never thought about it.

Now they've got computers at home, and maybe all they wanna do is look at pictures of their grandkids, but they probably have an email account, and they have a Facebook account, and that therefore makes them a target.

So the average citizen just does not understand a lot about technology, and when something happens, fear sets in, and fear is what the cyber criminals prey on in the private sector.

They wanna scare you into reacting and doing something quickly, without thinking.

And when they do that, they've got you.

And they will work very quickly and be very convincing.

And you won't even know what happened.

- Yeah, interesting.

So, on that topic of, we're kind of, we're aware, to the extent that we are aware, we as ordinary consumers and people, you know, we know about phone calls that we receive about, telling us that, you know, our computer is the wingnut that holds together western civilization, and if we don't get it repaired for $500, then, you know, bad things are gonna happen.

But, and on computers too, when you get pop-up screens and such.

But how about some of the newer technologies, like cellphones?

Can you be exploited by a cyber criminal on a cellphone, or an iPad, or a Kindle?

- Yeah.

Yeah.

Unfortunately, you can, because they're connected devices, and if they're connected to a network, it can be found and it can be exploited.

With the case of cellphones, what I'm seeing now are, I receive random text messages from numbers I don't recognize, telling me something; my Amazon order is delayed, when I haven't placed an order.

You know, my bank account has been compromised, things like this that are not expected, and not the normal way that those entities would contact me.

So I'm seeing more and more a significant increase in the text messages.

And they're just randomly shooting out messages to phone numbers, to see who they can get a response from.

You know, we all go into various establishments, your restaurants, your coffee shops, and they all offer free wifi.

It's very dangerous.

It's free to everyone, including the criminals.

And so when you go in and you connect to those networks, they're connected and you're connected, and they're gonna try to find a way into your device.

And again, if they can get in, then they have access to information.

One of the common things that they will try to do is put something called a key logger, or a key stroke logger.

We've had 'em on computers for years.

They've been putting 'em on computers.

And it just records everything you type.

Well, when you go to log into your bank account, it can, they can capture that.

And now they have your username and your password for your bank account.

And now we have mobile apps on our phones, we have the same scenario.

So I think, with the cellphones, my understanding is it's just now coming into fruition.

It's not really as prevalent as the computer attacks are.

Those are very prevalent.

- What's the motivation of the cyber criminal using the phone, sending you a random text?

Are they trying to get you to call a number, go to a website?

Is the methodology behind what they're trying to do on a phone similar to what they're hoping your reaction would be on a regular computer?

- Yeah.

It's very much the same.

And I think it's, it's like fishing, like sitting in a boat and casting your hook in the water.

They're just casting, trying to catch somebody.

And if they get you, they just get that hook set, now they will manipulate that conversation to where they're getting what they want to get.

And they'll do it through intimidation and fear.

"You need to do this quickly."

"This needs to happen now."

Those are the hallmarks of what they're doing.

And because we're not technology-savvy, we react, you know?

And, I mean, it's just common.

And so humans have become the attack vector for cyber crime.

"If I can get the human to give me what I need, I can do the rest after that."

So you don't even need to unlock the door.

You just have to tell 'em what the key looks like.

(both laughing) - Ah, we laugh, but sadly, huh?

- Yeah.

Yeah.

It's difficult.

- If you're just joining us, thank you very much for joining us.

My name is Mark Welfley, and I'm here with Mike Hiland, and we are talking about cyber crime.

And Mike is the Director of Information Technology at GPD Group, which is an architectural and engineering firm in downtown Akron.

So let's try to put, if we can, Mike, a face, a face on these cyber criminals.

Like, who are they?

Is it a 17-year old in a dark corner wearing a T-shirt who's, you know, lives in my neighborhood, or?

Who is this cyber criminal?

- Yeah, it's funny.

It's that.

(both laughing) But it's, you know, if, it really is, it's happening on a number of different levels around the world.

So there's organized crime, which are, you know, we've often referred to it as the mafia here in the States, but it's organized crime syndicates or rings that have a goal.

Sometimes it's just to get as much money as they can.

But they have money and organized approaches to these things.

There's also state-sponsored cyber crime.

So if you think of the evil countries in the world, from our perspective, those are the states that are sponsoring cyber crime.

You know, and a lot of that is an effort just to get funds, just to get money most of the time.

State-sponsored is probably where the political side of cyber crime comes into place.

You know, they wanna take over the Department of Defense, or something like that.

That's more politically motivated.

But there is a lot, especially in countries like North Korea, that have economic issues.

They're trying to steal all your Bitcoin for millions of dollars, 'cause that's where they ride, that's where they wanna live.

The other one I think is interesting is, as you said, the 17-year old in the hoodie.

But how about the husband and wife that just think, "I bet we could do this and make some money."

You know, one of the recent things that has happened since the pandemic is fraudulent unemployment claims.

And I can remember reading an article about a husband and wife team, and I believe they were in Michigan, that were arrested because they were sitting at home and submitting fraudulent unemployment claims to various states and seeing if they could collect money.

And they were eventually arrested.

But, you know, I've also seen people talk about...

There are people out there that don't actually commit the crime, but they gather all the information and intel to hand over to the criminal to then execute what they need to do.

They do the research on your identity, and they search around to find your accounts and your usernames and things like that, if they can find any of that, and then they turn it over to someone who's actually a criminal.

And those people feel like, "Well, I didn't do anything wrong," but they're participants.

So it's everybody, in a sense.

(laughing) Us against them, I guess.

- So I wanna dedicate some time today to what can we do about it.

So here we are.

You know, we're kind of sitting ducks, really.

I mean, I was told in my travels from technology experts that, you know, if the bad guys wanna get into your computer they're going to, they're going to.

So like, what can we do?

What are, can you tick off some, some things we can do, some ways we can be aware of what's going on?

- Well, we use a phrase at GPD that we tell our employees, and that is to be skeptical.

So you get an email that looks like it's from the IRS, telling you you owe money, and if you don't pay this week, they're gonna take your house and everything you own.

No, they won't.

The IRS will never contact you by email, cellphone, text.

Go to their website.

They talk about it.

They say flat out, "We'll never do this."

They will only use the United States Postal Service to contact you.

Your bank.

If you get an email from the bank that's unexpected.

One thing to be, that's important about that, is if something comes to you from someone that you know, it could be your banker, it could be your friend from high school, and he sends you a couple of jokes a year, and suddenly, you get an email from him that says, "I'm sharing documents with you."

And he's never shared documents with me before.

You don't wanna respond to that email, because if the bad guys sent that, the bad guys will get the response, and they'll tell you everything's good.

You want to contact that person through a known good channel, usually a telephone number.

Call them.

"Hey, Bob, did you send that to me?"

"No, I didn't."

Now you know what's going on.

Call your banker.

"Did you send me this information?"

So you have to be careful about those kinds of things.

You mentioned earlier the popups on a computer.

There have been, you know, people I've worked with who have received a popup on their computer.

They went to a website, it pops up, says you have something that you need to fix on your computer; call this number.

They're gonna drag you through an exercise of eventually getting your bank account and routing number to transfer funds, 'cause that's how they work.

And if they've scared you enough, you might give it up without thinking about it.

And that's the tactic.

The other thing is passwords.

(both chuckling) And we all hate passwords.

The challenge with... What do you think the most common passwords are?

- Dog names, street names, names of your kids, and a number.

- How about the word password?

- (chuckling) Really?

- My password is "password".

The most common passwords are often 123456, 1234567, 12345.

- Wow.

- Things like that.

The cyber criminals can use computers to guess passwords, and those common passwords can be guessed in less than a millisecond.

And a millisecond is 1,000th of a second.

There are a thousand milliseconds in a second.

They can guess those passwords in less than a millisecond.

So our job is to make what we call complex passwords, at least 16 characters long; uppercase, lowercase, numbers and symbols, to the extent that the website or whoever it is will allow it.

Some of 'em don't allow certain symbols.

Sometimes you can use spaces, sometimes you can't.

We also can use what's called a pass phrase, which is multiple words that don't make any sense when used together, right?

Rubber monkey red moon, and throw in an exclamation point and an at symbol someplace, and you have something that cannot be cracked by a computer for several centuries.

You're very safe at that point.

Now here's where it gets ugly, if that wasn't ugly enough.

Never use the same password anywhere else.

- Yeah.

- Now, if you're like me, you're thinking, "How am I gonna do this?"

This is where we get into something called a password vault, which is a solution that you can purchase.

They're not very expensive.

They're typically less than $50 a year, and you can oftentimes share it with other family members, so they can have a vault.

You know, you can get five or six vaults for the price of one.

It'll store the passwords for you, it'll make the passwords for you, and in some cases it'll even plug the password in for you so you don't have to type it.

And those are very, very safe.

I was watching a security expert recently, and he said in 20 years, he's never heard of a password vault company getting compromised to the extent where you lose your passwords.

They might get compromised and the data's stolen, but it can't be read until you get involved and put your special password in to unlock it.

So it's very, very safe, and it helps to simplify this password nightmare.

The last thing I'd bring up is something that we call multi-factor, or two-factor authentication.

Two-factor or multi-factor is something you have and something you know.

So some of us may be doing this already.

We go to our bank website, we put in a username, we put in a password.

I know the password.

It sends a code to my cellphone that's good for 30 seconds.

Now I have that, and I plug that in, and now I can get into my bank account or credit card account.

Very common with banking and credit cards.

If you don't have that enabled, either talk to them or look in the settings when you get logged in and see if you can enable the multi-factor.

You're sending that code to a different device.

And if someone watched you type your username and password, they don't have the other device, most likely, so it's, it's a very, very, very secure way to protect those types of accounts.

- Are multi-factor authentications, are they more common, or are they even mandatory now?

Or, like Microsoft, as an example, looks to have, and the University of Akron teach.

So do you have them at GPD?

- Yes.

- Or, like?

- Yeah.

I mean, if you are a publicly traded company, you probably have security policies in place that require things like multi-factor authentication.

In the case of GPD, we are not a publicly traded company, we're a private company, but our customers are of all kinds, including publicly traded customers, and they require us to have those things in place.

So companies oftentimes have security mandates that require that multi-factor gets put in place.

- You know, I thought when you were talking about passwords you were gonna talk about, you know, remembering a bunch of special characters, plus an X, and then a lowercase y, like we used to be given passwords from.

And now we can come up with, as you said, with words that don't always go together to cobble together a very complex but safe password.

And that's very interesting.

I'd like you to put on your looking glasses and stare 10 years into the future and tell me, like, where is cyber crime either going, or where's it gonna be in 10 years?

- Well, I think it's gonna continue to grow and continue to be a bigger problem.

I think what's on the horizon that is gonna make it more complicated is quantum computing.

That's a new computer technology that's gonna operate much faster than computers we have today.

And I think that, as that technology develops and becomes readily available to universities and, you know, police entities, the cyber criminals are gonna be right at the front edge of that as well.

They've got the money, so they can invest.

So those are things that will be able to break traditional encryption ciphers quickly, and things like that.

You know, the things you're doing with your, if you're into Bitcoin and things like that, with your wallets, it's all encrypted; it can probably break those.

So the whole world is gonna get turned on its head when that comes to pass.

And all those who need to be working on how to defend ourselves against that are working on that today.

But I think that's, I think that's gonna be a big, a big thing in cyber crime over the next 10 years.

We're probably a good five years out from that right now, from it even being something that somebody can acquire, and it'll be incredibly expensive when that happens.

- In the last 30 seconds that we have today, just comment about government entities and those in charge of, you know, security in the United States, the, you know, the NSA, and like, what are they doing?

What can they do?

Is it, you know, the powers of bad are outpacing the powers of good?

Or like, what's the status of their effort?

- Well, I mean, the FBI I know is heavily involved in fighting cyber crime.

They just recently, I think it was about a week ago, it was announced that the United States, in conjunction with a number of other countries, took down a network of cyber crime computing and activity that was responsible for billions of dollars of losses, and they were able to take the entire thing down and eradicate it.

So they have that capability.

Unfortunately, I think for people like us, we're gonna be very small potatoes and not on the radar.

They're working on the really big problems.

- Thanks, Mike.

- Yep.

- Billionaire businessman Warren Buffett has said cyber attacks are the number one problem with mankind, even worse than nuclear weapons.

And while the statement may be up for some debate, he makes a good point.

Cyber crime is prevalent and pervasive, with its schemes ever-changing and very costly.

So knowledge and proactive behavior are the two best tools we as consumers have to protect ourselves.

I'd like to thank Mike Hiland for being here today.

Thank you, Mike.

And encourage each of you to keep your mind open until next time on "Forum 360".

(lively music) - [Announcer] "Forum 360" is brought to you by John S. and James L. Knight Foundation, the Akron Community Foundation, Hudson Community Television, the Rubber City Radio Group, Shaw Jewish Community Center of Akron, Blue Green, Electric Impulse Communications, and "Forum 360" Supporters.