Congressman Jim Langevin (D-RI), co-founder and co-chair of the Congressional Cybersecurity Caucus, hosted an educational cybersecurity awareness forum with the Rhode Island State Police Computer Crimes Unit, the State Cybersecurity Officer, the Rhode Island American Association of Retired Persons (AARP), and local officials to provide attendees with steps for staying safe online.
The forum, which took place Monday at the South County Nursing and Rehabilitation Center, started off with Langevin explaining what exactly cybersecurity was, describing it as an effort to protect an individual against both foreign and domestic “bad actors” working online.
“Cybersecurity is the national security and economic security challenge of the 21st century and will be here for quite some time. Cybersecurity isn’t only about foreign hackers or foreign individuals involved in the security,” Langevin said.
While Langevin went on to say that, while Russian interference in the 2016 elections was a topic of concern to remain vigilant about, the topic of cybersecurity goes beyond “nation state attacks on foreigners.”
“It runs the gamut from domestic individuals that run a criminal enterprise or just hackers in general that may try to prey on us, all bad actors,” Langevin said. “Each of us can take steps in order to protect ourselves while we’re online.”
“There’s a number of stuff that you can do, such as strong passwords, changing passwords on a regular basis, making sure that you’re downloading the security patches,” he continued.
Security patches are general ways of protecting information by updating systems, such as upgrading to the latest version of Windows and updating security systems.
Following his introduction, the congressman invited the three guest speakers to come up one at a time. The speakers were RI cybersecurity officer Mike Steinmetz, RI AARP representative Daniel Liparini, and RI State Police computer crimes unit captain John Alfred.
Steinmetz started off by comparing cybersecurity to everyday protections, such as locking your car, and proceeded to describe a scenario where somebody leaves their car running in the Dunkin’ Donuts parking lot while grabbing a coffee, and how vulnerable that person would be to theft.
“Today, as the congressman mentioned about passwords and patching and backups, I want you to remember that analogy because if you’re not changing your passwords, if you’re not patching your system, your car is outside of Dunkin’ Donuts with the doors open, the keys in it, and the engine running,” he added.
Steinmetz then went on to explain the importance of creating an appropriate passing, and when he asked how many thought passwords were hard to remember, nearly every person in attendance raised their hand.
“Pick something that you like or something that you kind of remember. Easy things like ‘purple,’ ‘clown,’ or ‘church,’” he said. “Everybody will remember that, and then you just add in a couple of letters in between, or special characters in between, word or a capital letter in there, or a numeral somewhere.”
Speaking as the AARP representative, Liparini also described the importance of cybersecurity, specifically for senior citizens, and the dangers posed by hacking and phishing– the use of scams to gain access to a user’s sensitive information by appearing legitimate, whether it be passwords, security information, or date of birth.
“Most AARP members grew up in a time where we were playing with tinker toys, then we graduated to Monopoly. We didn’t carry around devices that use more computing power than NASA used to send the first man on the moon,” he said. “So we’re subject to hacking and phishing, we really have never been trained how to cope with that.”
Phishing scams include IRS, medicare, technical support, lottery, veteran scam, and romance scams.
While Steinmetz and Liparini described the technical aspects of cybersecurity, Alfred said he was there to talk about the “human side of things,” such as how phishing and “social engineering” play a part in the theft of user’s private information.
Alfred defined social engineering as leveraging and manipulating “human nature” to gain access to private information.
“I’m going to find a way or find something that you know about, and try to entice you by using what you know or what you like,” Alfred said, from the perspective of the social engineer. “We’re all targets, whether you know it or not. You have some type of information that they can a little bit of that information and pull it from you. There’s something called the dark web where they’re able to sell this information.”
Wrapping up, Alfred’s central message to residents in attendance was to be more skeptical of what they come across online.
“Don’t be too trusting, be skeptical of any emails or phone numbers you don’t recognize, and don’t click hyperlinks. If it’s too good to be true, it’s too good to be true,” he said.