Data breach. Identity theft. Cybercrime. These are all buzzwords individuals and businesses living and operating in the modern world have become familiar with. If you haven’t yet experienced a breach of your personal data, you know someone who has.
Three of the top 15 metropolitan cities for identity theft reports are in Michigan, according to 2017 information from the Federal Trade Commission, as shared by the Michigan Attorney General’s website.
Recognizing October as National Cybersecurity Awareness Month, Lawrence Technological University hosted a special event as part of the WWJ Newsradio 950 Leaders & Innovators Series on the morning of Thursday, Oct. 17 on their Southfield City Centre campus.
WWJ’s business editor Murray Feldman moderated a panel discussion about cybersecurity with Colin Battersby, counsel in the Data Privacy and Cybersecurity Practice Group with McDonald Hopkins in Bingham Farms; Brad Gramlin, director of enterprise sales for Comcast Business; and David Derigiotis, corporate vice president with Farmington Hills-based insurance broker Burns & Wilcox.
Your data is out there
The conversation ranged from the prevalence of data breaches in organizations, from financial to social media, to the danger of intermingling personal and business passwords, to the “industry” practices of data thieves who hijack files for ransom.
“How many of us have a phone we use for email?” asked Derigiotis, who is also the author of Parental Advisory: How to Protect Your Family in the Digital Age of Identity Theft & Data Breaches. “We all communicate electronically with our corporate or personal email accounts spread across so many sites. Some are critical, like banking, but we use the same email address for Facebook or Instagram.”
Email is a constant target, said Derigiotis, sharing that 2.8 million emails are sent every second of every day, and many are spam. One click or one opened attachment exposes us to ransomware or data theft, he said.
One piece of advice offered is to always use a separate, anonymized email address for functions where security is critical, like banking, rather than having one email address that is used for everything from social media to credit card accounts. And be smart about your passwords, said Battersby.
“The corporate best practice is to change your password every 90 days,” he said. “People are now using pass phrases that are easy to remember and not likely to be guessed. There are different ways to manage your passwords, but keeping them secure is key.”
Once captured, data points are widely available
The discussion included a live demonstration in which an audience member’s personal email address was checked to see if personal data had been accessed without her knowledge. When her address was entered into a site called Have I Been Pwned?, she recognized some companies she has done business with, but many others she has not. “Pwned” is the industry term for being “owned,” or otherwise a victim of a data breach.
The exercise, while initially disturbing, highlighted the common business practice of aggregating data and making it available to anyone who can pay for it or steal it. Organizations collect as many different data points on users as possible – including our pet preferences, where we live, if we rent or own our homes – all useful information from a marketing perspective. But once gathered, the information is easily compromised.
Protecting the small business
For small businesses, compromised data can cause big problems, the experts said. When data thieves steal personal and credit information about customers or literally kidnap the data system and render it unusable until ransom is paid, the effects can be devastating.
If this happens to a small business, they have three choices, said Battersby. “They can start over with new data, they can restore from backup, or they can pay the ransom,” he said. The ransom demanded is often in the range of $5,000 to $10,000, but could be up to several million dollars.
“We have seen this happen here in Michigan in the healthcare industry,” said Gramlin. “The threat of ransomware is keeping IT professionals up at night. It’s the bogeyman for them. Especially in the small business, the removal of ransomware is not easily negotiated. Often it takes a week or two and there is a huge loss of productivity.”
Businesses of any size can preempt these problems by having a robust incident response plan in case of a data breach, the experts said, and then practicing it, much like a fire drill. A good place to start is to make sure backups are taking place, and that the data is accessible.
“This is a conversation I have monthly with the reps in the three states I cover. Too frequently, backups don’t happen,” said Gramlin.
Learn about future series events at LTU and listen to the full cybersecurity program as a podcast at WWJ Newsradio 950.