How does your business manage its networks and systems? While many business owners recognize the importance of cybersecurity, in the Internet-of-Things era, it now means having a system in place to monitor and protect the connected devices that are becoming ubiquitous in the business world.
Consider the amount of data you store – whether it is personal, employee, or client-related – and recognize that any of that data is valuable to a hacker, typically a person who has patience, resources, and time on their side. While media reports and movies would have us believing that these cyber attacks are large scale events, accessing company data often doesn’t happen with a brute-force attack on an encrypted firewall, but in a subtler fashion, through connected devices, smart appliances, or the digital assistant that is “always on”. Remember the Target hack from 2014? That attack came through a remotely accessed HVAC system, as well as through the connected cash registers, and caused up to $420,000,000 in losses associated with the security breach.
Recently, news came out on Spiral Toys, makers of the very popular CloudPets connected toy for kids. Over 800,000 of these were sold, on the premise that parents could remotely record messages for their children, as well as monitor activity via web-enabled hardware embedded in these cuddly stuffed animals. According to news reports, the digital data – over 2,200,000 recordings – was stored unsecured online by the company, along with user data and other sensitive personal information, and was held not once but twice by hackers for ransom. Another connected device, the VTech Learning Lodge which is a mini-computer for children, was hacked and exposed over 6,300,000 names, birthdays, genders, and photographs of kids. Other connected toys including My Friend Cayla, and the Hello Barbie doll, have also been suspected of having security issues, or have been removed from the market altogether for those flaws. “Big Kid” toys like the iWatch have also been shown to be a security risk.
Within your business, there are ways to improve your cybersecurity and protect your sensitive data and access points. You can begin by installing and activating firewall or anti-spyware protection on all of your business systems and mobile devices. Many systems even have firewall included that can easily be activated in your settings. Make sure your operating systems are regularly updated and patched as OS programmers often use these updates to push security patches for known bugs or flaws they find through the normal course of the software development process.
It is also smart to secure your wireless connection. If you were to check any wireless router or access point, the WPA2-Personal and AES options should be selected in its configuration. These are the most secure when it comes to current wifi-connected devices. The exception is WPA2-Enterprise, which is often used by businesses and needs interaction with your IT department to implement. The other options that you may see: “WEP”, “WPA-Personal”, and the “TKIP” option, while once adequate and applicable should no longer be used.
And use common sense – don’t make the wireless gateway password “password”.
As an always on-the-go entrepreneur you may be asking yourself, “who has time for this?” To which we would answer, “who DOESN’T have time for this”? One smart, and cost-effective, solution many business owners invest in and benefit greatly from are Managed IT services. These services are provided by an IT company that specializes in protecting your business’s data security with services like 24/7 monitoring, regular network vulnerability scanning, defined security protocols, advanced firewall protection, and automated patching.
Finally, it may be prudent to regularly examine the devices you already have in place, particularly older devices where support services may have already ended. Whether it’s phones and their apps tracking location, using push notification, or joining wireless networks automatically, or your connected devices from thermostats to trendy toys, the potential to open up vulnerabilities has become a major threat to the security and privacy of businesses and their customers.
To read more about ways to improve your cybersecurity, visit the Federal Communication Commission website – or contact SergeMD to arrange for a complimentary assessment of your network and security systems.