Online Security

Cybersecurity: Five Digital Hygiene Practices That Protect Your Customers

Alicia East

If you’re a production company with expensive gear, you lock it up well and insure it. You keep your wallet or purse close to you while you’re in public. Unlike tangible items though, we can’t keep our identity, data, and personally identifiable information (PII) in our sight or locked up with a key. Cybersecurity requires a different approach. Businesses have extra responsibility because they have access to their workers’ personally identifiable information. Every time you engage an employee or a temporary worker, some level of personally identifiable information changes hands. Just think about how many social security numbers pass through your system. If those stay on your hard drives, you are putting your customers’ information at risk! This is one reason, among many, that it’s so important to have a high level of data security on a company level and to train staff in digital hygiene practices.

Current Threats

It seems every week, a major company, city, or hospital experiences an alarming security breach. Each one compromises something, whether it’s privacy (hacked laptop/phone cameras or Zoom calls, for example), data, or PII. Credit monitoring companies, phones, hospitals, and entire cities have been compromised or even taken hostage. The government has identified the cyberworld as its own domain (after land, air, water, and space). As such, it requires businesses and individuals to have a strategy and implement measures to keep countries, businesses, and people safe.

Businesses and consumers increasingly rely on apps and software to get their everyday work done. Customers, employees, and sometimes patients trust companies with their information. This comes with a responsibility to handle that information well.

So What’s a Company to do?

It’s kind of scary, sure, but there are solutions. While some require third-party software, many of them are basic.

  1. Password Management: There are tools that offer super secure ways to make sure your company passwords are accessible only to the people you want to have them. If you’ve ever tried to access a company account after the person who managed it has left the company, you see the value here. Aside from the convenience, it’s a way to keep information super secure.
  2. Make Your Policies And Procedures Airtight: Prevention is always ideal. Train employees on good security etiquette. For most organizations, human error is by far the most likely source of mistakes that lead to breaches.
  3. Check Your Insurance Coverage: Should you experience a breach, having solid insurance coverage in place can make it a lot less painful by covering the financial loss. Talk to your insurance provider about your current coverage and where there might be gaps. 
  4. Conduct Penetration Tests: Have third parties perform monthly security checks and an annual penetration test to ensure that anyone who tries to come after you will have a tough go of it.
  5. Encrypt Customer Information: Encrypt all information at multiple levels. Encryption scrambles data so that it’s unreadable without the encryption key. 

Conclusion

Any investment in your security is a wise investment indeed.

What do Supply Chain Shortages, $1.2 Billion, and Compromised Healthcare Have in Common?

Alicia East

To quote the Fiddler on the Roof: “That I can tell you in one word.”

Ransomware

Ransomware is an ever-growing global threat where the attackers hide behind computer screens. It’s a growing concern for governments, industries, and individual private citizens because it can cause serious disruptions in everything from the food supply to healthcare. Short-term inconveniences like a cream cheese shortage and waiting in long lines for gas are just the beginning. It can be downright dangerous when people aren’t able to heat their homes or when healthcare quality is compromised. Here’s a fact it’s time to face: Ransomware is nothing short of a national security threat.

And as long as it’s profitable to the tune of billions of dollars, it’s not going anywhere.

How Did We Get Here?

According to New York Times reporting, the Facebook model of “move fast and break things” is catching up with companies that built systems quickly to beat competitors to the market. It’s no wonder that cutting corners has landed us in worse shape in the long run. Businesses are facing painful consequences like enormous ransom fees, loss of business operations, compromised data and damaged reputations.

We are facing a very rude awakening, but this is by no means a new problem. Attackers have been honing their skills and wreaking havoc quietly for years. If you’re old enough to have had one of the first email accounts back in the days of dial-up, you may remember getting an email asking for a few hundred dollars in exchange for unlocking your device. It’s now grown into an issue that costs billions of dollars and includes national security risks. What’s new about it is that people are feeling the effects personally.

Who is Behind The Attacks?

According to published sources, over half of the attacks have one thing in common: They originate in Russia. These attackers write code specifically designed to bypass Russian businesses, and Putin will not prosecute cybercriminals or extradite them upon U.S. request. Experts believe that Russian attackers operate under two unspoken rules:

  1. Don’t attack Russian businesses.
  2. Be ready to do favors for the Russian government upon request.

What if Companies Don’t Pay?

In 2019, cybercriminals demanded $75,000 after an attack on the city of Baltimore. Baltimore decided not to pay it and ended up paying $18 million to rebuild the systems instead. The theory is that if all companies refuse to pay, hackers lose their leverage and incentive.

The bigger the impact, the more leverage the attackers have. When you see hospitals turning away ambulances at the door, it becomes really hard to ignore, or to take the time to rebuild systems altogether. It’s legal to pay the attackers off, and many companies find it much more cost-effective to do so.

Hackers, then, are rewarded for their efforts and the cycle continues. The result? Companies spend millions in ransom to get their compromised systems running again. Individuals have their personal information compromised regularly and governments are grappling with an issue they’re now ranking as dangerous to national security as terrorism.

Okay, Well What Can we do About it?

On an individual level, it really is as unglamorous as brushing up on cyber hygiene. The Daily podcast cites the saying that, “security is only as good as your weakest link” and it usually ends up that the weakest links are employees and individuals. The Colonial Pipeline attack was traced back to a single employee with a compromised inactive account.

Josh Hornung at Hornung Technology Services, which specializes in IT Support and Cyber Security services, said, “A good unique password for each site is step one. Enabling two-factor or multi-factor authentication everywhere you can is step two. Too many people use the same password across many accounts, which is how a lot of this stuff happens nowadays.”

Even the professionals aren’t immune. Hornung knew of an IT professional at a different company who got hacked. He said the attackers “stole a spreadsheet where he kept all of his clients’ logins and security info.” From there, they “started logging into his clients and infecting them with ransomware.”

On a company level, you can either build your systems correctly on the front end and save yourself a world of hurt, or you can fix the problem retroactively and pay dearly for it. And no matter what: the right time to start fixing what’s broken is right now. To quote Hornung, “It’s wild out there!”

How Does PayReel Keep Clients Safe? 

With the mountains of personally identifiable information we handle each day, security is hugely important to us. We train our employees regularly on cybersecurity and we pay people to try to infiltrate our systems just to find vulnerabilities. At this point, such penetration tests might be a good idea for most companies—even those that only handle smaller-scale data.

That might not seem very glamorous, but in this case, boring is exactly what you want. If your systems are secure, hackers may be inclined to move along to the low-hanging fruit and leave you alone. Either that or you can become fluent in Russian and start operating all of your business in Russian. нет? Okay, well then get on it.

Note: We relied heavily on The Daily’s podcast episode “Who is Hacking the U.S. Economy?” for this post.