Cyber security experts will tell you people tend to be more suspicious of unknown links or emails from strangers while using the internet at home. But while at work, people often feel more secure in clicking those links and fall victim to phishing attacks.
And that’s exactly what Wombat Security Technologies, based in the Strip District, is trying to combat.
Those cyberhacks caused by employees clicking on spam or phishing links can cost companies millions of dollars – and, in some cases, lead to the firing of those employees.
“For some reason, all links want to be clicked,” said Vanderbilt Professor Eric Johnson, who researches information technology. “Many times, particularly in work settings, people feel unusually secure, they feel somehow invulnerable or protected. You might not do even things on your home computer that you would do on your work computer.”
Wombat is focusing on challenging that secure feeling.
“We solve a unique problem when it comes to security education in that security officers at organizations, they are required or asked to help people learn to protect themselves from cyber attacks, however, that’s not something they’re particularly skilled in doing,” said Amy Baker, Wombat’s vice president of marketing. “So we really fill a need in that we are educators first, and then cyber security experts as well.”
Wombat, a Carnegie Mellon University spinoff, is named after the fuzzy Australian marsupial that’s a fierce and fast defender of its territory. A study commissioned by Wombat and conducted by the Ponemon Institute found that if a large company is successfully phished, the cost can be as much as $3.8 million.
One way Wombat tries to train employees is by intentionally sending them fake phishing emails. If the person falls for it, they’re automatically launched into one of Wombat’s 17 training games.
During a demonstration, Baker said, “When I get to playing the game part, it tells me that I have three emails to review in each of three rounds. I have points that I can gain or lose, I have lives that I can gain or lose and I need to complete this in two minutes or less, each round.”
Wombat’s education technology is patented. Baker said the real-time individualized modules are more effective than annual or even monthly group trainings. Wombat charges companies a minimum of about $5,000 per contract -- typically less than $4 per user.
“We’ve had significant growth over the past four to five years of almost or greater than 100 percent in customers and revenue each year,” Baker said. “There’s a lot of demand in the marketplace for a solution like this.”
Vanderbilt’s Johnson said that Wombat’s focus on human behavior is one very important piece of the security puzzle.
“That certainly alone is not going to solve security problems,” he said. “But it’s part of the overall solution.”
Wombat also shared the following tips for how to protect yourself from cyber hacks:
USB SECURITY
Baker recommends only using USB drives from a company's security officer. Some hackers -- and company security officers, including Wombat's -- test employees’ computer security smarts by placing USB storage devices around the office. When employees use one of the drives, they can get a pop-up warning message if it came from their employer, or fall prey to an attack if it came from a criminal.
PASSWORDS
Baker said many people don’t password-protect their phones. At a minimum, Wombat recommends using a password. The company also suggests overriding the default four-character smartphone password and using eight characters. Using a fingerprint detection feature can add another layer of security.
In general, Wombat teaches people how to create phrase-based passwords and families of passwords. “For example, you can say, all of your passwords have the name of a car in it, and maybe a color,” Baker said. “And maybe ‘CorvetteRed’ is always used for just banking. And that’s the one that you only use for banking sites, or your bank itself.” She recommends avoiding a password that is a “name of dog which they’ve probably announced on Facebook multiple times.”
MOBILE APPS
Baker said apps -- especially free ones -- can be a source of viruses. Hackers can download paid apps, install malware and upload free versions. To avoid this, Baker recommends not downloading an app that has only just appeared in the app store. “Make sure it’s been up there for a couple of months at least,” Baker said. “You almost have to give the app store time to catch up (and remove malicious apps).”
WHEN IN PUBLIC
In the coffee shop, and even in the library, Baker offers a number of suggestions for keeping data safe when working in public. One is a low-tech solution: a cover that prevents anyone from seeing the user's screen outside of a 30-degree angle.
Baker keeps a sliding cover over her laptop computer’s camera as well, because she said hackers can breach a camera and see what a user’s doing -- and that might be rifling through credit cards while making online purchases.
“Free Wi-Fi is just a hacker’s dream,” Baker said. When working in public, some companies have secure channels to work through. For individuals who don’t have this option, Baker said it’s more secure to use a mobile phone as a hotspot for a computer.
The biggest way devices get taken over, Baker said, is when their owners leave them on buses, planes or anywhere they can be easily hacked into -- so hold onto those devices.
In this week's Tech Report calendar:
- Carnegie Library's downtown branch is teaching 3-D printing basics in a lunchtime class on Thursday.
- The Pennsylvania Educational Technology Expo and Conference is coming up in Hershey, Pa. Feb. 21 through 24.