It’s not unusual these days to sit down in a coffee shop and without a thought connect your laptop or cell phone to a public network, maybe one reassuringly named “coffee shop.”
Don’t do it.
If it’s unfamiliar and doesn’t require a password chances are the network was set up by someone nearby, maybe someone sitting across from you, to collect user names and passwords off your devices.
That was one of many pieces of advice offered for individuals and small businesses during a presentation on tech crime at the Carson City Chamber of Commerce on Tuesday.
“Make sure your phone doesn’t automatically connect to open networks. Turn off Bluetooth. Someone with a skimmer can walk by and pull stuff off your phone,” said Alan Cunningham, information security officer, Washoe County School District. “Take the time to set up a password on your phone.”
Cunningham said it gets exponentially more difficult to crack a password the longer and more complicated it is.
A seven-character password using all lower case letters, for example, takes well under a second to decipher.
The same password with just one more lower case letter takes five hours. Make it nine letters and hackers need five days to figure it out.
Strong passwords should include both lower and upper case letters as well as special characters, said Cunningham.
“And please, please, please, if your bank offers multistep verification, sign up for it,” he said.
Individuals should also be aware of debit and credit card fraud after burglaries and scams associated with it.
“We had one case where they would steal the cards and then call and say they were a detective who needed more information,” said Sam Hatley, detective, Carson City Sheriff’s Office.
Other scams include people calling to say a family member was in jail and needed money wired or the caller claiming to be with the government.
“Never send anything via Western Union or Green Dot when asked,” said Hatley.
The biggest issue in Carson City, he said, is counterfeit checks.
“We get a lot of check fraud,” said Hatley.
“We had one couple who would get jobs, quit, and then counterfeit the paychecks.”
Also be aware of so-called skimmers attached to ATM machines that look like the bank’s scanning device but are put there to steal information when a debit card is used.
“I always give them a little tug to make sure they’re valid,” said Hatley.
Laura Tucker, deputy attorney general in the Nevada Attorney General’s office Bureau of Consumer Affairs, said limit the amount of personal data you make public.
“People put a lot of information out there. Think about what your online profile looks like,” she said.
Tucker recommended regularly ordering free credit reports from ftc.org, placing a fraud alert if your data has been breached and even placing a freeze on your credit which prevents identity thieves from setting up new accounts in your name.
“You can thaw it out for short period of times,” said Tucker, such as during a home purchase when you need to demonstrate credit worthiness.
For small businesses, Tucker said the best defense is a good offense.
“Have a written data retention policy. Have a crisis management plan and test it out,” she said.
Also, make sure your vendors comply with the Payment Card Industry data security standard.
“As a small business you must be compliant as well,” said Tucker.
If a data breach does occur, use the crisis management plan, take breached computers off the network, and notify law enforcement and affected clients.
Also, contact the Attorney General’s office at 775-684-1100.