By Daniel Riedel
Data security is a huge and growing issue for every company, regardless of its size. But it's hard to drive home the importance of securing data…yawn, right? However, the ramifications became clear to millions of people with last year's nude celebrity photo leak. Say "nude celebrity" and suddenly you have everyone's attention.
It appears there's been a crack in the case. The FBI recently confiscated computers from a Chicago man's home in connection with a hack that released nude pictures of Jennifer Lawrence and other Hollywood stars. The recently unsealed search warrant and affidavit confirm what Apple CEO Tim Cook first said: The leak wasn't the result of a breach in Apple's iCloud system; it stemmed from the hacker's apparent attempt to reset passwords.
The leak of these celebs' private photos drew a lot of attention to the cloud's safety, raising business leaders' concerns about the security of their data. It doesn't look like things have improved much. In fact, a new report shows there are still serious vulnerabilities that make iCloud easy to hack.
How Secure is Your Small Business Data?
The IT security business is a multibillion-dollar industry, poised to grow tenfold in the next decade. Biometrics, behavior- and location-based authentication methods, near-field devices, and big data all play a part in handling identity management.
At this year's CTIA Super Mobility Week conference, Equifax presented mobile tracking methods that preempt even what the mobile carriers do. Basically, anyone with a mobile device that connects to access nodes needs to be identified. Everyone—from phone manufacturers and cellular providers to financial service providers and the federal government—works hard to identify you online.
Take Apple Pay, for example. It allows customers to wave their phones in front of a checkout counter to make purchases. It works with Visa, MasterCard, and American Express. Card numbers are not stored on your device or on Apple's servers. Payment information is sent with a "dynamic security code." Retailers can't see the customer's card information, and Apple can't see what customers buy.
When it launched Apple Pay, Apple claimed that the system would be secure, yet hackers still found their way in. Rather than a failure of the Apple Pay platform, the issue seemed to fall on the banks. The vulnerability occurs when people connect their credit cards to Apple Pay through their banks before they ever use the system. Sometimes this happens with stolen credit card information.
Your data is only as safe as you make it. The lesson here is that human error can be an even bigger threat to your business than a malicious hacker.
Data Security: How to Protect Your Business
You can mitigate these risks by educating yourself and your employees on best practices regarding data security. Whether you have three employees or 300, set password guidelines and ensure company compliance.
Use a tool like 1Password, or at least change your passwords regularly. Don't share passwords, don't write them down, and don't save them anywhere outside of your head. Implement a plan for deleting accounts in the event that you terminate an employee.
If you work in an email-heavy environment, beware of phishing attempts and avoid clicking any links that seem out of the ordinary—they could be malicious. If you frequently discuss sensitive customer information over the phone, run a security check before discussing accounts. Consider implementing extra security measures (like requiring a PIN or directly dialing back a caller). Refuse to disclose passwords over the phone.
As with most infamous hacker incidents, social engineering played a prominent role in the celebrity photo leak, as well as other hacks in the past year. Hackers love calling a business and pretending to be someone else to gain access to your data. Make sure employees are up-to-date on the latest phishing techniques.
My Business Doesn't Have an IT Department
Even if you run a small business without a designated tech person, you still need to make security a top priority. Treat your data as you would your cash. Your data is valuable, and it's important that you and your employees acknowledge its worth.
As a small business owner, never store personally identifiable data that falls under PCI compliance. Several tools and services exist that are better funded, more secure, and capable of letting you work with customers without retaining that information.
Think about how you handle sensitive online data. When customers terminate relationships with you, what kind of information do you retain? How do you delete what you don't keep?
If you haven't thought these questions through, take the time to inventory your online assets and hire an outside vendor to perform a security audit.
The celebrity photo leak attracted so much attention because people realized they, too, could become victims of a data breach. These concerns continue to grow, as we've seen with the massive OPM breach and its increasing victim toll. By building the proper safeguards, you mitigate the risk of your business falling prey to a similar crime. Respect your data and educate your employees on how to protect it.
Daniel Riedel is the CEO of New Context, a systems architecture firm founded to optimize, secure, and scale enterprises.