May 9, 2011 DIGITAL DIVA

Finding Some Security In An Insecure World

Harry Segal, president of Networks Unlimited in Hudson, is a busy guy. And he’s likely to stay busy for the foreseeable future.

That’s because his 15-person firm specializes in data security, which, in case you haven’t noticed, has been making regular headlines lately.

The most recent case — and it’s a doozy — involves news that more than 100 million accounts with Sony’s PlayStation Network may have been compromised in a cyberattack. While Sony isn’t sure that credit card information was stolen, they can’t rule it out. And that’s not very reassuring to the millions of parents who handed over their credit cards to junior so he could play the latest version of Call of Duty.

Vulnerable Systems

Sadly, data breaches are nothing new. And while the Sony breach is being billed as possibly one of the biggest — and potentially costliest — of any, it’s likely not to own that distinction for very long. After all, it was only four years ago that Framingham-based TJX Cos. held that honor for its data breach.

It was the TJX breach that inspired the Massachusetts Data Security law. The Bay State was one of the first in the nation to put such a law on the books.

One of the requirements of the law is that any company that suspects personal customer information has been compromised must report it to the attorney general’s office. Since the law was enacted, 1,927 cases have been filed with the state. And the AG has even gone after Sony — which isn’t based in Massachusetts — requiring that it comply with the law because Massachusetts residents were impacted.

That a large, sophisticated firm like Sony fell prey to an attack gives me pause. If Sony can’t protect its data, then what chance does a small, mom-and-pop operation in Central Massachusetts have? Well, I went to the experts to find out, and there are some pretty basic things all businesses can — and should — do to stay out of the headlines.

Taking Stock

Segal at Networks Unlimited says he sees two key issues when doing security audits. The first is that companies are failing to stay on top of third-party application upgrades. That includes making sure all the machines in your office have the latest version of Adobe Acrobat Reader or Java installed. If computers within your company have outdated versions, they can be more vulnerable to spyware attacks, which can put your networks at risk.

The other key issue Segal noted is phishing attacks. Phishing scams — where a legitimate-looking email goes out with nefarious purposes in mind — originally got their start in the banking industry. But today they’re being used to target any number of industries, including hospitals and educational institutions. In a phishing attack, a hacker sets up a shadow website that looks legitimate and then tricks people via email into providing personal information. If a company’s website isn’t secure, it can be more vulnerable to such scams, again putting its innocent customers at risk.

It can be tempting for businesses to ignore these kinds of issues, because let’s face it, what small business owner has the time to think about data encryption? But ignoring the problem won’t make it go away, according to David Felper, a senior partner at the Worcester-based law firm of Bowditch & Dewey, who has given more than 40 seminars on the topic of data security since the Massachusetts law passed.

Felper recommends that every business do an inventory of where personal customer information is stored, who has access to it, how long it is kept and how it is disposed of.

“Only by doing that kind of inventory can you really assess what your risk is,” Felper said.

And, he added, once you’ve got your inventory done and your protections in place, the job isn’t over.

“Just because you’re sure that your data is secure today, you can’t guarantee that it’s going to be protected tomorrow,” he said. “It requires ongoing vigilance.”

Got news for our Digital Diva column? E-mail Christina H. Davis at cdavis@wbjournal.com.
