4 minute read
Keep the bad guys at bay Why
BY KRIS BEVILL
Last November’s infamous data security breach at Target Corp., now believed to be one of the largest recorded data security breaches in U.S. history, provided a painful reminder to the retail giant (and the 40 million customers whose information was stolen) of the importance of diligently protecting data.
“Big data” is now a big buzzword and for many business owners nationwide, Target’s cyberheist served as a wake-up call regarding their own security policies and how to protect big data from the bad guys.
What is ‘big data’ and who wants it?
Everyone has big data, and all of it is targeted for the taking, from customer lists and marketing information to manufacturing processes and engineering notes, according to a cyberintelligence agent who spoke at a recent meeting of the North Dakota chapter of InfraGard, a public-private partnership focused on sharing information and intelligence to protect the U.S. from hostile acts, including cyber attacks. The program is led by the FBI and includes members of various businesses, educational institutions, health care organizations, law enforcement agencies and anyone else who has an interest in the topic and passes an FBI background check.
Data thieves include the expected hackers, as well as insiders (disgruntled employees), social activist groups, competing business interests and foreign intelligence services. Any number of approaches may be taken to breach security and obtain data, including phishing emails, social media outlets, mobile devices and insider theft, but the ultimate driver for data theft is always the www.jlgarchitects.com
THANK YOU. Twenty-five years ago, Lonnie Laffen and Gary Johnson founded an architecture firm based on hard work, a love for our community, common-sense values and a respect for budgets. Today, with over 85 professionals and 90 design awards, JLG owes its success to its clients, who are constantly pushing the envelope in terms of innovation, energy efficiency and smart design in order to raise bottom lines and provide a strong future for all of the upper midwest. Thank you – we look forward to the next 25 years.
(continued from page 40) same regardless of the source or method used to obtain it. Simply put, data equals money. For example, the customer information held by banks can easily be more valuable than the hard cash kept in their vaults. Likewise, the process a manufacturer uses to produce a certain product is what makes the company valuable. Therefore the data that describes the details of that process has more economic value than the widget itself.
How to protect it
Data has value and thieves know it. The problem for many businesses, according to technology experts, is that business leaders often don’t know what valuable data they have, and you can’t protect what you don’t know.
“First and foremost, you need to know what your data is and what your sensitive data is,” says Ric Todd, technology consultant at Network Center Inc. He says his company often takes a high-level approach when working with new businesses to learn how they operate and where their risk areas are so that each area can be adequately addressed.
Todd also recommends businesses ensure they have a clear and acceptable usage policy so employees understand their boundaries regarding sensitive information. This is becoming particularly important as more employees push for the ability to use their own mobile devices or other technology for a “unified technology experience,” he says. He often speaks with information technology heads on this topic and says it is a major issue of concern because the more devices that are allowed access to data, the more at-risk the data becomes. “Malware and those kinds of nasty bugs have become so good at tricking people, you really have to almost take the control out of end-users hands and limit the things they have access to,” he says.
Every business needs to be concerned about security, but small businesses are often particularly vulnerable because they are most likely to lack proper security measures and usually don’t have insurance in place to cover any data-related losses, says Kelvin Daniels, technology consultant at Network Center Communications. However, he says even larger companies often do not have enough IT staffers to adequately protect the company’s data. “The bad guys are getting smarter and the good guys are understaffed,” he says.
The most common mistake Daniels sees businesses make regarding data protection is a lack of proper back-up measures.
There are a variety of free options available, including antivirus applications and firewall protection, but they do not provide business-standard protection, he says, adding that good anti-virus applications typically cost about $35 per employee per year.
Even the best anti-virus software on the market can’t protect against all attacks, however. CryptoLocker is one of the most vicious viruses known, infamous enough to warrant its own Wikipedia page, and slips by every anti-virus application out there, according to Daniels. Once in, the virus encrypts files and holds them hostage, demanding a ransom from the user in order to regain access to the data. What makes the virus so dangerous is that it appears as an attachment to a legitimate-looking email. “It’s scary because it doesn’t look like it’s bad,” he says. “It’s like DiGiornio pizza – everyone thinks it’s delivery pizza but it’s not.”
There may not yet be an anti-venom for CryptoLocker per say, but businesses that are attacked by the virus and have proper protection measures in place can rid themselves of the poison much more quickly than others. Daniels says several of his company’s customers were attacked by CryptoLocker, but because they were properly protected they didn’t have to pay the ransom and were able to remove the virus and regain access to their data quickly. “If you’re doing your job as an IT support company, you should be able to take care of these things in short time,” he says.
Business leaders who are unsure about the quality of their current security measures or their current IT providers should evaluate some of the key components of protection. Beware of companies that do not mention back-up protection or that suggest tape back-up, says Daniels. “If you have a tape back-up or they pitch it to you, don’t walk – run away,” he says. Other considerations include firewall offerings and support rates. Daniels encourages businesses to be skeptical of companies that charge by the hour for support calls and suggests they look for a provider that offers a service-level agreement with guaranteed response times to ensure fast fixes when they’re needed. If still unsure, consult with a third party. Both Daniels and Todd recommend audits by third-party companies to validate security policies and ensure the correct protection measures are in place. After all, nobody wants to be the next Target. PB
Kris Bevill Editor, Prairie Business 701-306-8561, kbevill@prairiebizmag.com
