Active password management still a solid tool to fight cyber crime

ORLANDO, Fla. — Employers should learn from the mistakes already made by companies that have been hacked to avoid also becoming victims of cyber crime, said a former FBI agent who's now a cyber security consultant.

“For a long time, the FBI director went around saying there are two types of companies: those that have been hacked into and those that don't know they've been hacked into,” Christopher Tarbell said Thursday.

Mr. Tarbell said he used to think the director was just trying to frighten people, but that was before he helped infiltrate the hacker network Anonymous and shut down the online black market Silk Road.

“The longer I've been in this, the (more) I realize it's completely true,” he said during a session at the National Council on Compensation Insurance Inc.'s 2016 Annual Issues Symposium in Orlando, Florida.

Do not be “the low-hanging fruit,” he said. “Don't have the weakest password.”

Comparing cyber crime to car stereo theft, Mr. Tarbell said that “if someone wants to steal car radios, he doesn't care which car radio he's going to steal. He's going to go down the line and open up door handles until he finds one … Lock your doors, park under a light, be a little bit more secure. Make it difficult to become a victim.”

He also suggested having different passwords across all accounts, changing those passwords at least every 90 days and storing them in different locations.