2020 is turning out to be a fairly bizarre year, so it’s not surprising that with everyone doing everything online and trying to keep spirits up, Black Friday seems to be a bigger deal than usual.
Buying stuff is all well and good but the hysteria tends to take over. Shoppers can make mistakes online which open them and their important information up to scams, hacking and phishing. The Anti-Counterfeiting Group has some helpful advice to help avoid scams and fake goods here.
Companies, large and small, touting ‘super mega fantastic one-off discounts’ have a responsibility to protect their customers. But sometimes mistakes are made and today we’re going to look at what that means to small businesses and their customers when disaster strikes: data breaches and losses. We’ll look at how Digital Document Management Systems (DDMS) like ours can help avoid them, too.
Ask yourself. Would your business or personal finances survive?
In the news
There have been a worrying number of data breaches lately. Have you seen the headlines about big corporations including Booking.com, Expedia and British Airways?
Booking.com and Expedia made the papers earlier this month when improperly stored sensitive information opened millions of customers up to a huge breach.
A company called Prestige Software, responsible for the hotel reservation system these businesses use, was storing data from its Cloud Hospitality system on a “misconfigured Amazon Web Services (AWS) S3 bucket” that was open to attack. As far back as 2013. Yikes.
In October, British Airways ended up with a ginormous fine of £20m (yep, twenty million quid) from The Information Commissioner’s Office (ICO) for failing to protect the personal and financial details of more than 400,000 customers.
According to the ICO, BA broke data protection law. Afterwards, the airline suffered a cyber-attack in 2018 which it did not detect for over two months!
For customers, it’s very concerning. It generates a thought process along the lines of ‘oh crikey. I hope I’m not in that data breach. I mean, I’m probably not but I could be. Perhaps I won’t use that business again. Best change my passwords again’.
What’s worse is a lot of customers store their sensitive information on email. If fraudsters have access to your email and you’re one of those customers, you’re toast.
The point here is that if big corporations with sophisticated corporate IT infrastructure can fall foul of data breaches, all of us can. But that doesn’t explain the risks for small businesses, so let’s move on.
Small business, big impact
According to Verizon’s 2020 Data Breach Investigations Report, which lives here, small businesses accounted for 28% of incidents this year.
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount. In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious,” Tami Erwin, CEO, Verizon Business, said in the report’s press release.
A lot of these breaches are complete accidents. The report explains that 70% are due to web applications and miscellaneous errors.
The big differences between the likes of British Airways and small businesses are cash and IT resources. The latter can’t afford to lose customers and their data.
Helpfully, Verizon teamed up with the Center for Internet Security to bring us these tips to avoid data breaches which apply to any size of business:
Continuous Vulnerability Management — A great way of finding and remediating things like code-based vulnerabilities, such as the ones found in web applications that are being exploited and also handy for finding misconfigurations.
Secure Configuration — Ensure and verify that systems are configured with only the services and access needed to achieve their function. That open, world-readable database facing the internet is probably not following these controls.
Email and Web Browser Protection — Since browsers and email clients are the main way that users interact with the Wild West that we call the internet, it is critical that you lock these down to give your users a fighting chance.
Limitation and Control of Network Ports, Protocols and Services — Much like how Control 12 is about knowing your exposures between trust zones, this control is about understanding what services and ports should be exposed on a system, and limiting access to them.
Boundary Protection — Not just firewalls, this Control includes things like network monitoring, proxies and multifactor authentication, which is why it creeps up into a lot of different actions.
Data Protection — One of the best ways of limiting the leakage of information is to control access to that sensitive information. Controls in this list include maintaining an inventory of sensitive information, encrypting sensitive data and limiting access to authorized cloud and email providers.
Account Monitoring — Locking down user accounts across the organization is key to keeping bad guys from using stolen credentials, especially by the use of practices like multifactor authentication, which also shows up here.
Implement a Security Awareness and Training Program — Educate your users, both on malicious attacks and the accidental breaches.
It’s pretty simple really. Systems like ours give you complete control over who you share your documents with and how to store them securely. Ours is designed for small businesses, so it’s easy to use, doesn’t cost a fortune (many do!) and has all of the neat features you need.
If the office burns down (imagine!) or your ancient computer packs out, you aren’t going to lose all of your documents. They aren’t hanging around on a communal cloud for all to see and steal from either; they’re on our secure servers where only you can access them, and they’re easy for you to get hold of when you need them.
They aren’t open to tampering either, unlike emails. When you upload them, they stay as they are, where they are.
Better yet, you can invite your customers to share documents with you for free, because we’re nice like that. That helps them to be confident about doing business with you, safe in the knowledge that you take information handling seriously and are acting in a super secure way.
So, there you have it, small business leaders. Enjoy your Black Friday customers, but watch how you share their important information, keep it away from email, remember Verizon’s tips and get your document management system in order. We’re here to help!
Use the coupon code "staysafe" for a three-month free trial with us!