a product message image
{' '} {' '}
Limited time offer
SAVE % on your upgrade

Page 40

I N T H E T RENCHE S

THE DREADED DATA HACK By Allen McBroom One frosty morning in December, my business partner stopped to put gas in the company van, and he ran into an unexpected snag. His credit card was refused at the pump, and no amount of re-tries could convince the pump that it should stop being obstinate and just take his word for it that the card was OK. Checking the card info later on the interwebs revealed that his card no longer existed. Just like an unpleasant magic act, his card number had gone *poof* and vanished. A follow-up call to the card company revealed that the cause of the problem was that one of our vendors (they refused to say which one) had suffered a data breach, our card info was compromised, and to protect us (Yay for being protected!) they had killed his card and mailed him a new one, which would arrive in seven to 10 days (Boo for being without a company card for a week or more!) We were not actually without a card, because we have multiple 40

company cards, so we just moved one of the other cards into his use until the other one arrives, like a knight in shining plastic, to restore our vendor buying power. Of course, there’s still a lot on inconvenience on our end. The temporary moment of no-card freakout aside, we also have that card on file with some vendors, so now we’ll place orders, and then have to see which orders get a return call for a new number, and those orders will be delayed until the new info gets into place. Any way you slice it, it’s a hassle. No vendor has given us a courtesy call so far to let us know how serious the breach was, or if it impacted us, so we may never know who interrupted our preChristmas sales flow with this unwelcome event. All of our in-store efforts at data security don’t protect us from breaches in other locations. Vendors, and anyone else to whom we give our card number, can suffer a breach that negatively influences us. Despite data security being a hot topic with high-level management, and despite assurances from information technology departments that the networks

and servers are secure, the reality is that things may not be as secure as we are being led to believe. One of my best friends worked as a white-hat hacker for several years. Yes, this job exists, and it’s even legal. A white-hat hacking company is employed by a business to test the integrity of its data security. A hacker gets paid by the customer (i.e., Target) to try and break into the company servers, and if successful, they leave a calling card, a small file that basically says the modern equivalent of “Kilroy Was Here.” This proves to the customer that the hacker got in. The hacker then writes a report that outlines for the customer how they got in, and the steps the IT guys need to take to keep him (and others) out. I asked my friend how often they were successful in getting in. Without pause, he said, “100 percent of the time.” He then explained that part of his contract required him to penetrate the same servers three months after delivering the report,

and almost all of those penetrations were successful. It seems some IT departments may not be fixing the known vulnerabilities that are exposed in the hacker’s report. While we could spend the rest of our week speculating as to the whys of these puzzling failures to implement corrective action, it would serve no practical purpose, so instead let’s look at what we can do to keep ourselves safe from the laxity of others. Have multiple credit cards. They can even be on the same account with the same card company, since my card still works fine even after my partner’s card died an early death. You don’t have to pass those extra cards out to your manager or someone else, but make sure they are activated and held somewhere safe. If your card goes *poof* unexpectedly, you can switch to another card and carry on with only minor inconveniences. Never use a personal card for business reasons, if you can avoid it. Your personal card probably has your social security number tied to it somewhere, and if it gets compromised, your personal identity risk could soar. Your business card probably has only your business employer ID number (EIN) tied to it, and that’s much safer to have out there than a card with your personal data attached. A little closer to home, make FEBRUARY 2020

Profile for Music & Sound Retailer

Music & Sound Retailer February 2020, Vol 37 No 2  

In the February issue of the Music & Sound Retailer, we provide an in-depth review of The NAMM Show, offer 40 more products debuted at the s...

Music & Sound Retailer February 2020, Vol 37 No 2  

In the February issue of the Music & Sound Retailer, we provide an in-depth review of The NAMM Show, offer 40 more products debuted at the s...