By Kevin J. Goodman
The big-box stores, whether online or brick and mortar, may appear secure, yet they are at risk. As we have learned, Target was indeed the target. TJ Maxx, Home Depot, and others have all been hit hard and breached.
When it comes to mom-and-pop shops vs. big retailers, the small shops seemingly fare better than the big boys. The old adage, "the bigger you are, the harder you fall," seems to hold true in cybersecurity (at least in the press reporting). The larger stores seem to have more to lose and are a target because there may be more in the bank; however, many studies show that approximately 75 percent of all data breaches occur outside of large enterprise environments. Those breaches seem to be less newsworthy to the media even though they account for about three-fourths of all data breaches.
Although there is really no one-size-fits-all short list for vetting a proprietor or for how to behave in the digital era, it is wise to look for companies that exhibit best practices. First things first: the best defense in controlling your destiny around cyber and mobile security is to clearly understand the risk exposure of your credit and debit cards. As a culture, we put a lot of faith, while impulse buying, in the security of our information and transactions. The truth is we never know.
If statistics take their inevitable toll and you are a victim of fraud, you want to limit your exposure and make sure your bank is on your side. Know your bank and its policies ahead of time, before you ever use your cards. Be sure to shop for cyber protection and not just interest rates. Your liability limit for a credit vs. a debit card is a consideration that must be understood. Credit card issuers provide disposable numbers linked to your account. Understand them and use them on major and at-risk purchases.
As a practice, limit the information you provide to any company you are doing business with. Do not use primary email accounts as contact info for third-party use; instead provide an ancillary email that you can burn if necessary. Only share personal information with trusted sources. Be extra careful not to share sensitive personal information, such as social security numbers, credit card numbers, and driver’s license numbers. Don’t do business with an entity that does not have a posted privacy notice.
A good way to protect yourself from a breach is to think of online, cyber, and mobile transactions as you would going into a bad neighborhood. Keep your eyes open. Don’t trust an open Wi-Fi hotspot in a small or large shop to make a transaction, as people can lurk there and pick off data.
Think of the adage, “Nothing is truly free,” including mobile apps. Be mindful of the personal information you give mobile app providers. Many free apps sell your information to a wide range of companies, some of which may have malicious intent. Studies have shown most apps do not have many, or even any, security controls built in. Check privacygrade.org to see if the app you want respects your privacy and has security built in.
Be cautious with new “smart” devices. A wide range of new and unique gadgets — from socks to smart cars that are being referred to as part of the Internet of Things — connect you directly to other entities (and even to the Internet) to automatically share information about your activities, location, and personal characteristics. Before using such devices, make sure you know which data they are collecting, how it will be used, and with whom it will be shared.
There is much that we can do on our own side to assure privacy and security and to mitigate risk. Recently, the Sony hack reminded us to watch what we write. For every accurate statement made about the recent Sony Pictures hack, there have been many inaccurate ones. Not surprisingly, many of these errors have been uttered by leaders and other self-proclaimed cybersecurity “professionals.”
Just as notable is the fact that every person is vulnerable to hackers, as evidenced by the reputation damage suffered by several Sony Pictures executives whose emails were leaked to the media, exposing a litany of comments and seeming positions. Things you may think are cute, funny or private, when exposed to a broader audience out of context, can paint a public picture of a person you are not. This can be very disturbing and unfair. Remember: You should never put anything into an email, especially your work email, that you would not want the entire world to be able to see if that message is not encrypted. The idea is to never write anything you would not allow your own mom to read, while coupling that idea with the old adage of “never write what you can say and never say what you can write.” Then, when you are hacked, it is more of a non-event.
My final piece of advice to any person, firm or shop:
Be quick to outsource to providers who are third-party audited and hold various certifications; do not run a cyber shop on your own and without expert consultation and regular updates. Anti-virus companies offer software that will scan your website for malware and alert you to any breach. I was quoted in this Wall Street Journal story about the importance of small businesses making sure customers believe their websites are safe from hackers. The piece has many useful nuggets to carry onward. Entrepreneurs and consumers both could consider using security as a differentiator over their competitors. Car manufacturers tout how safe their cars are; although a bit different in nature, so should a business lead with its security and privacy intention and commitment.
It is said that more data and information was generated in 2012 than in all of the previous 5,000 years. If this is close to true, we are called to be more vigilant in our practice around privacy and security. The digital era requires that we take the time and effort to instill practices, both proactive and reactive, strategic and tactical, including cultural practices, policies and procedures, in our day-to-day logistics around privacy and data security.
Kevin Goodman is the managing director, partner with BlueBridge Networks, a downtown Cleveland-headquartered data-center business. Goodman is a strong believer in keeping an open mind to alternative approaches to life and work. Goodman oftentimes implements a combination of traditional and unconventional efforts in response to an ever-changing, fast-paced technology landscape. BlueBridge Networks delivers best-in-class datacenter services, including virtualization, cloud computing, disaster recovery, and managed storage and security. In the past 12 months, BlueBridge and Goodman have earned “Smart Business” magazine’s Smart 50 award, “Inside Business” magazine’s Cool Tech and NEO Success awards, Medical Mutual’s Kent Clapp CEO Leadership award, and a NEOSA Best of Tech finalist award. He can be reached at (216) 367-7580, firstname.lastname@example.org, www.kevinjgoodman.com or www.bluebridgenetworks.com.