4 lessons from 3 tech wake-up calls
Lois A. Bowers
Three tech-related stories that made the news Friday serve as wake-up calls for individuals and businesses.
The biggest story was that a cyberattack involving malicious software called WannaCrypt (also called WannaCry) spread through thousands of computers using Microsoft operating systems in more than 70 countries, paralyzing hospitals, public transportation and communication systems, manufacturing plants and other businesses.
In such “ransomware” schemes, hackers encrypt computer files and demand money to free an infected device of the virus. Those who don't pay see their files disappear.
Fortunately, Friday's attack was stopped before it could do more extensive damage, and effects appear to have been limited in the United States, but experts fear that another widespread malware attack is on the way.
In a blog post on the Microsoft website, the company's president and chief legal officer, Brad Smith, expressed dismay that so many computers remained vulnerable to the attack despite the fact that the company had released a protective security patch more than two months ago.
“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” he wrote.
Even if your computer uses an older Microsoft operating system, you now have no excuse not to keep it safe. The company has decided to make fixes available for those older systems to everyone at no charge.
Lesson No. 1: Make sure the latest security updates are installed on your devices at home and at work.
Hitting closer to home was the Friday announcement that Walnut Place in Dallas, a senior living community managed by Life Care Services, had been hit by a malware attack around Jan. 25 through Feb. 2.
The community said that it is in the process of determining the scope of the attack and also is working to strengthen its security systems.
“The systems that were impacted by this incident contained information including names, Social Security numbers, drivers' license numbers, dates of birth, address information, telephone numbers, medical record numbers, health insurance information, payment information (such as banking and credit card information), and clinical/diagnostic information related to Walnut Place patients and residents,” Walnut Place said, adding that no evidence exists that sensitive information was taken.
Nonetheless, the community said that it is mailing notices to people who may have been affected by the attack and is providing them with access to free credit-monitoring services. Additionally, Walnut Place said it is providing potentially affected individuals with contact information for the three major credit reporting agencies as well as advice on how to obtain free credit reports and how to place fraud alerts and security freezes on their credit files.
Lesson No. 2: Review account statements, and monitor credit reports and explanation of benefits forms for suspicious activity that may reveal that your personal information may have been compromised.
Walnut Place's notification followed one in January in which American Senior Communities' said that an email phishing scheme could have affected more than 17,000 current and former employees.
“In mid-January 2017, offshore scammers posing as a high-level ASC executive requested copies via e-mail of employees' W-2s,” the Indianapolis-based company said in a statement provided to McKnight's Senior Living at the time. “The payroll processor responded to the authentic-looking e-mail by furnishing the requested information.”
ASC said it first learned of the incident when employees reported that their tax returns were being rejected because others already had filed returns using their personal information. W-2 forms contain names, addresses and Social Security numbers, in addition to other information.
The company notified authorities and employees and set up a toll-free number that employees could call to get answers to their questions. ASC also is paying for free credit monitoring for all current and affected former employees and assisted them with tax-filing concerns.
Lesson No. 3: Never answer a suspicious email or click on a suspicious attachment in an email, even if it appears to be from someone you know. When in doubt, call the apparent sender directly to see whether he or she truly sent you the message.
For malware attacks and data breaches such as the ones experienced by Walnut Place and ASC, the Federal Trade Commission offers guides for businesses that explain how to secure operations, fix vulnerabilities and notify appropriate parties.
Also be wary, however, of pop-up messages that appear to be from technology companies such as Microsoft of Apple, the FTC said Friday in announcing “Operation Tech Trap.” The national and international crackdown focuses on tech support scams that trick people into believing that their computers are infected with viruses and malware; the consumers subsequently are charged hundreds of dollars for unnecessary repairs.
As part of the announcement, the FTC, Justice Department and state attorneys general announced complaints, settlements, indictments and guilty pleas related to such scams, including sentence “enhancements” for those perpetrating scams with 10 or more victims aged more than 55 years. Such computer scams were the fourth most common type of scam reported to the Senate Special Committee on Aging's fraud hotline in 2016, according to the committee.
The FTC shares tips for dealing with tech support scams on its website.
Lesson No. 4: Don't fall for callers or pop-up messages on your computer that tell you to contact tech support via clicking on a link or calling a provided number. If you want to call your security software company, look for the company's contact information on its official website, on the package in which your software came or on your receipt.
Technology issues only will increase as more devices become wireless or connected to the internet of things. Scientists at the University of Arizona and elsewhere, for instance, are working to find ways to prevent cardiac pacemakers and defibrillators for people with arrhythmia, insulin pumps for people with diabetes and brain neurostimulators for people with Parkinson's disease from falling victim to cyber attacks, putting their users at risk.
In addition to taking preventive actions, we can benefit from lessons learned the hard way from individuals and companies affected by malware and data breaches.
Lois A. Bowers is senior editor of McKnight's Senior Living. Follow her on Twitter at @Lois_Bowers.