The timely January debut of “Privacy in the Age of Big Data,” a book co-authored by Charlotte residents Theresa Payton and Ted Claypoole, landed Payton on ''The Daily Show with Jon Stewart'' last month.
And while the Target hacking attack has many people worried these days about the safety of their personal information, Claypoole likes to point out that the issue of cybersecurity is always on trend.
“The battle between the cyberpolice and the cybercriminals is an eternal struggle,” says Claypoole, an attorney who leads the privacy and data management team at Womble Carlyle Sandridge & Rice. “You have to think about where (you’re) vulnerable.”
Payton is a former White House chief information officer and founder of Charlotte-based Fortalice, a security, risk and fraud consulting company. The duo also wrote “Protecting Your Internet Identity: Are you Naked Online?” which published in 2012.
The hackers who stole millions of customers’ credit and debit card numbers from Target during the holiday shopping season shows the issue of card security is not going away. It also illustrates how all types of businesses – even small companies and retailers – are at risk, Claypoole says.
Here are Claypoole’s tips on what small businesses should do to protect themselves:
1. Realize that being smaller doesn’t make you less of a target. Hackers that are pulling off these attacks are professionals. They know it’s a lot easier to break in through an area that’s unprotected. “They are more likely to go after the small- and medium-size businesses” if that’s easier, Claypoole says. “There will be plenty to steal.”
Also, small businesses may be vulnerable because of the vendors they use. So a hacker may not pick your coffee shop, but rather target the payment processor who handles your customers’ credit and debit card numbers – as well as thousands of other mom and pop shops.
2. Know where all of your “cyberdoors” are – and close them off. It was reported last week that the Target hackers may have used a third-party vendor – a Pittsburgh-area heating and refrigeration business – as the back door to get in. The theory illustrates how cyberthieves gain access through connected computer networks.
Your point-of-sale system, or what used to be called a cash register, could make your business vulnerable to an attack. Many people have it connected to their computer system for record keeping. But there are ways hackers can tap into those systems.
“When you set up your system, you have to make sure you close all those cyberdoors, and close them well. If the key to your system is encrypted, but your encryption is 12345, or your password is ‘admin’ … it’s like closing the door, but not locking it when you leave.”
Also think about which computers actually need to be connected to the Internet, Claypoole says. Consider storing information that is critical to your business on a separate computer that’s not connected.
“Really big companies keep that in mind and have a lot of computers that are not connected to the Internet,” Claypoole says. “It’s a strategy that many small businesses don’t think about.”
3. Keep an IT expert at the ready. Claypoole recommends that every small business keep a data security specialist on call, who can come to your business to check on problems and offer advice on what kind of protection you need.
4. Be aware of ransomware. Versions of this malware get into your computer by clicking on an attachment. One version, called CryptoLocker, locks up all your personal files unless you pay the hacker a fee, typically less than $100. “It’ll say ‘You have this many hours … if you don’t (pay) then we’re going to destroy everything on your computer.”
“Getting one of these can be a huge problem,” Claypoole says. “You’re probably better off as a small business bringing a professional in” – or getting a new computer.
5. Protect yourself with cloud backup. By having data automatically stored in the cloud, you can protect your files from ransomware or other attacks. “If you got malware today, you can go back to yesterday, or before, and get all your files back if you saved them on the cloud.”
Just be careful that you don’t bring back the malware, Claypoole says.
The Associated Press contributed.