Information Security in a Digital World

What is one thing every organization has in common regardless of size? The one-person shops to the small non-profits. The mid-market company fighting tooth and nail to make it in a competitive arena, and further on up to the company of ten-thousand spanning thirty states across the country. Even those multi national mega-corporations have this in common. What could an international corporation of 500,000 have in common with a local family owned diner of 3? Customer Information…

Look at the most recent data breach, reported just yesterday. Equifax, one of the largest credit reporting agencies in the United States, disclosed that an unauthorized third party gained access to data on as many as 143,000,000 Americans. That is a lot of zeros in that number. To put in into perspective, that is half the adult population of the United States according to the last census. Included in the files accessed was tons of personal data, including names, dates of birth, Social Security numbers, address, relatives, phone numbers, work history, credit history. And in some cases, data included full credit card numbers, documentation on credit dispute records and “Additional Personal Information”.

In today’s world, customer information is the most sought after booty since the days of Blackbeard and his buried treasure. Modern pirates go by a different name however.

Who Are These People?

hacker
Modern “Hackers”

Hear the word hacker in modern media and most people would imagine a 15-25-year-old, living in their parent’s basement, hoodie-wearing recluse, but there is so much more to this group. Much like any other collection of people, they come from different backgrounds and are motivated for a variety of reasons. And for the record, hackers don’t always hack for financial gain. Recently, governments and media have been the largest target. Political motivation has been a large growing sector lately. Another reason is simply notoriety.

Just scroll through this list of disclosed breaches in 2017 and you’ll see the wide gamut of corporate victims. Luckily though, like any other good fight, there are people in the other corner fighting against those who seek to wreak havoc. “White-Hats” are a branch of the hacking class dedicated to doing good. The goals of a white-hat are simple, to ensure computer systems are secure.

Fighting The Good Fight

Luckily, there is much you can do. Any person with an internet connection and a mild know-how of the Art of a Google Search can find lists and lists and LISTS of “How to prevent a data breach”. Any of those results are great, but it can all be boiled down to these three simple tasks.

  1. Identify Your Data Security Problem – This is the big one. Before you can mitigate any risk, you need to know the risk. Identify what kind of data you have, who would benefit from gaining access to that data, and your weaknesses, specifically technology. Outdated and unpatched technology is the easiest path for hackers to gain access.
  2. Invest in Education – Training, training and more training. Teach your staff how to identify fraudulent emails. Educate staff on proper policies for interacting with customers, i.e. what type of information to include in an email.
  3. Address The Issue – This may seem like a no-brainer, but it is most often the forgotten step. Identifying the problem and training your staff is absolutely worthless if you do nothing about it.

Don’t be afraid to identify your weaknesses as an organization. Trust me when I say it is better the good-guys find it than the bad-guys exploit it. If you need help or assistance with any of these steps, please reach out to us. Don’t be on the wrong side of the news.

Written by Donovan Brock, Director of Managed IT Services