CYBER SECURITY
BY EDDY GOLDBERG
IT CAN’T HAPPEN HERE (UMM, YES IT CAN!) May 13, 2017: “Computer-security agencies across the globe Saturday raced to contain the cyber pandemic that spread from a global attack...” (Wall Street Journal) May 16, 2017: “Wanted: Chief information security officers with boardlevel management skills, tech knowledge, and low blood pressure.” (Wall Street Journal)
W
hile the threat of that particular attack appeared to be subsiding a few days later, variations were still a possibility—and new, future attacks are a certainty, whether from state-sponsored hackers, cybercriminals, or teenagers out to impress their friends. No company likes to publicly report a data breach, but these days it seems they’re in the news daily. The reason is simple: it reflects badly on the brand as a whole if a customer’s data is compromised—even if it was the mistake of a single low-level employee in a remote back office. In 2017, no brand, company, or government is safe. It was a hack of the NSA that unleashed May’s massive ransomware attack. We could try to scare you—for your own good—into acting yesterday to protect your customer and corporate data by publishing a list of the dozens of franchise brands, from restaurants to hotels, that reported data breaches in the past few years. Instead, we’ll focus on what we’ve learned about how to practice safe computing, whether it’s at the point of sale, over a mobile device, online ordering, or from as-yet undiscovered attacks. We spoke with a cross-section of people involved in cybersecurity and franchising to learn about clear and present dangers and how to safeguard your data—and that of your customers!
40
Layers of security and something as basic as ensuring the And we found the perfect person: Ar- server room is locked. mando D’Accordo, a franchisee and area 2) Standardization. The importance representative for CMIT Solutions, which of using the same equipment and conmanages IT systems for small businesses. figuration cannot be overstated, from With his own territory in Long Island and hardware selection to installing antiviresponsibility for 10 franchisees in New rus software—and keeping it updated. York City and Long Island, he hears a lot “We educate everyone on how imporabout the cybersecurity worries keeping tant that is—no exceptions, not even the SMB customers up at night. boss,” he says. One big picture shift he’s seen is the 3) Layers of security. It’s not enough evolution of MSPs (managed service pro- to have just antivirus software installed viders) to MSSPs (managed security ser- on every computer, he says. There’s also vice providers). Months before the recent antispyware, spam filters, and two-factor “WannaCry” global attack, his newsletter authentication (a new hot item he says warned specifically about ransomware that is now affordable for SMBs). and cited the following statistic: “Barely “These three things are really imone month into 2017, cybercrime is al- portant,” he says. “You can have all the ready making headlines…. 2016 shattered technology, but if your employees are not all previous data breach retrained to be really careful there’s not much we can do cords, with more than 4 billion records compromised about it. With phishing and worldwide.” social engineering, it’s like Many, if not most, secuhaving a bouncer at the door rity experts expect each year who lets everybody in.” to set new records as both Centralized control the number and sophisticaMJ Worsham is the corpotion of hackers and attacks continue to rise. In the face rate IT manager for The of this onslaught, one of his Plamondon Companies, the mantras is “layers of security.” franchisor of Roy Rogers D’Accordo recommends Armando D’Accordo Restaurants. He oversees all three actions franchisors can take to mini- aspects of technology for the company, mize the chances that they’ll be victims from internal networks to PCI compliof a data breach (note that the first has to ance and POS management, including the do with people, not technology): recent integration of the Roy’s Rewards 1) Training, both initial and ongoing, loyalty app. for all employees. With a new client, he First, he says, educate your staff about says, “We will have a lunch-and-learn ses- the things they can control—most imporsion to explain the system we put in place tantly, their own actions. But someone’s and ask employees to sign that they un- bound to slip up, especially as phishing derstood what they learned.” In addition, scams become more devious and clever. he provides clients with ongoing weekly Thus the importance of securing your tips on system usage and security, from system on the technology side. “As a franchisor, I highly suggest that teaching them how to use Microsoft Outlook securely to how to recognize scams the most important thing is to standardize,
Franchiseupdate ISS U E II, 2 0 1 7
fu2_feature_cybersecurity(40-41,42).indd 40
5/18/17 7:29 AM