October is National Cybersecurity Awareness Month. We want to remind all of you to stay safe out there! Whether you’re checking in with friends or managing work tasks, it pays to be vigilant. We spoke with our internal security expert, Mike Costanza, about protecting your personal and professional information online. Read on to learn more about the current threats, how to identify security-conscious businesses, and our top tip for protecting yourself online.
Q. In your opinion what is the biggest cybersecurity threat right now?
A. Employees using their own devices at work. BYOD has become extremely popular in many businesses, but it opens up some of the critical infrastructure and areas of the business to attack. To protect against this, make sure any device allowed on the corporate network has endpoint management software installed, and any guests in the office should be on a separate network with no business resources on it.
Q. Facebook has recently announced another security breach. How is it that these big businesses seem to be so vulnerable?
A. Many of these large companies deal with several hundred vendors. Many times, the breaches occur around that relationship. Some account or exposed service is exploited and then data is retrieved by bad actors. For large scale web applications like Facebook, there are thousands of developers and millions of lines of code. Performing code security checks on all of it is a daunting task, and even though these companies make every effort, sometimes they do not discover vulnerabilities before a bad actor does. That’s why many of these large companies offer “bug bounties” to ethical hackers. The hacker is rewarded for finding the weakness, and the company can fix it before it turns into a breach. Unfortunately, the skills of the good guys and bad guys are evenly matched, so in many cases it’s a race to see who finds the exploit first.
Q. How can we be sure businesses we interact with are taking security seriously?
A. One of the best ways to ensure that a business and the vendors it uses are adopting a good security posture is to ensure they carry a SOC 1 and SOC 1 Type II audit like Restaurant Magic does. Audits like these are performed by independent third parties and ensure that there are adequate controls on security and change management procedures at an organization.
Q. What are some of the newest tools and technology that businesses use to protect data?
A. Any business working on the World Wide Web should have upgraded its public-facing servers to use the latest authentication protocol. PCI Data Security Standards v3.2.1 requires the TLS 1.2 security protocol for HTTPS communications. All Data Central transmissions are done over TLS 1.2. Data should be encrypted at rest using whatever database engine feature allows for this. Lastly, Personally Identifiable Information (PII) should always be encrypted to ensure that even if an attacker did somehow get a dump of data, it would be unusable data for them.
Q. Where do you go to stay up to date on the latest news on cybersecurity threats and security practices?
Q. What is your Number 1 tip for staying safe?
A. For an individual, make sure you have different passwords for every online site you visit and use 2-factor authentication on critical sites like financial (bank sites), email (Gmail, Yahoo, iCloud), digital storage (Google Drive, OneDrive, iCloud) and business communication sites (LinkedIn, Twitter). For businesses, ensure all devices have endpoint management software (and antivirus) and that there is a real firewall in place between your network and the internet.