Rush to the “Cloud” may well bring on stormy weather and loss or fatal compromise and exposure of critical, sensitive information to prying competitors/hackers.
By John Pellegrin, July 2017
It seems that not a week goes by without a headline in the papers, a feature story on the evening news, or a report splayed all over the Internet about the latest “hack” or cyber-attack, not just on business entities’ computers/systems/data and record-keeping infrastructure, but on government agencies’ and private citizens’ computers. The common thread in cybersecurity is that while hackers will probably gain access to your computer systems if they are determined enough, the trick is not only to make it more difficult for them, but also to try to minimize potential damage.
Constant Vigilance is the Watch-Word. Recent cybersecurity seminars/conferences have emphasized constant vigilance and engaging experts/consultants to plan for, monitor and analyze threat levels, as well as advise on and protect users’ systems. No entity is immune from these intrusion attempts. Internet search engines, major hotel chains, international companies and government agencies have all had their customers’ and accounts’ sensitive information compromised or stolen. Hollywood film depositories have been targeted before films’ release; Sony and Disney movies were hacked before release and held up to extortion, and when the studios did not pay such ransomware demands, the movies’ release over the Internet resulted in huge losses. Even government computer systems are not immune from this menace – witness hacking of the IRS.
“No entity is immune from Cybersecurity intrusion attempts... the trick is to make it more difficult for hackers and try to minimize damage”
Human Factor is the Bête Noire in Cybersecurity. The main problem in, and solution to, cybersecurity is the “human” factor; i.e., human error/misplaced trust. To counter this, entities should engage in on-going employee/executive training to remind all executives and staff to remain vigilant, report any suspicious email requests without opening potentially deadly email/Internet links, safeguard and systematically change passwords, prohibit the linking up of personal computers to the entity’s system, and avoid “offers” looking too good to be true. Hackers will try to gain entry to your system through legitimate-looking emails appearing to be from reputable companies or trusted vendors/contacts, ones the recipient deals with routinely, including Amazon or Google. Even the guise of the IRS is used as a stalking horse or ruse for these miscreants to try to gain access and install malware, stealing and/or corrupting valuable information and data.
Legal/Regulatory Issues. Whether law enforcement should be called in after a seemingly successful breach probably depends on the nature/severity of the attack/results. The Cybersecurity Act of 2015 and proposed Small Business Cybersecurity Act of 2017 (http://www.congress.gov/bill/115th-congress/house-bill/2105) are two of the government’s responses to this menace. The Federal Communications Commission (FCC) is also looking for more robust ways to interdict this growing and ever-present scourge.
Bottom line/curbstone suggestions: Never send credit card, Social Security, date of birth, Medicare/Medicaid or other personal information (Personally Identifiable Information, or PII) by email or as an attachment to an email; rather, either mail via U.S. Postal Service, fax, or telephone such sensitive information to trusted representative recipients. Alternatively, robust encryption of any emails and attachments containing sensitive information should be mandatory, as well as comprehensive non-compete/non-disclosure agreements and documents, for unfortunately there is also the possibility of cybersecurity threats from within by employees – wittingly or unwittingly. On-going employee training/education is critical.
If someone requests sensitive information, it is your responsibility to verify that the person has a valid need to know and is who they say they are, and to do some background checking. If someone legitimately requests sensitive information, you should securely encrypt it with a password and, before sending it, first send the password via a separate channel, e.g., a text message. You could then simply zip-encrypt the data using WinZip or Zip.
Final Take-Aways: Remember, there are myriad scams/come-ons, fear-mongering techniques that would-be hackers use to gain access, including malware, ransomware and other technical subterfuges, some of which will probably be profiled in future posts on Pellegrin’s BriefCase. Readers’ experiences/comments are welcome.
Pellegrin’s BriefCase SM/©
Volume I, Issue #1, July 2017
Author’s Background and Caveats: ADVERTISING MATERIAL. The author has a robust IT/IP legal practice and is available to assist on the cybersecurity legal front, as well as serve as an expert witness in certain situations. Either singularly or in combination with cyber technical experts, he is well positioned to represent entities in various forums and before various government agencies. We craft appropriate documents to curb/prevent IT/IP misuse/theft. Nothing contained in Pellegrin’s BriefCase is to be taken as the last word on this subject nor relied upon as legal advice; rather, the author’s comments on emerging trends in business and prescient decisions in the law and government regulations/interpretations/policy are meant to make the reader more aware of trending issues and risks.
Law and Business Consulting Services. Under John D. Pellegrin, P.C. we view our role as legal counsel being essentially to “define the scope of the risk” for the client. John also serves as Of Counsel to the law firm of Allred, Bacon, Halfhill & Young, PLC. He balances this full-time practice with active involvement in several community-based organizations and activities. These include serving as Chairman/At Large Commissioner, Fairfax County Small Business Commission; Rotary Club of West Springfield; Boy Scouts of America; National Eagle Scout Association; MVLE, Inc.; various Chambers of Commerce; and the Purveyors Club. He has been recognized and honored with several awards over his lengthy legal career and community involvement, including a recent Community Champion Award – Springfield District; Rotary’s Vocational Services Leadership, Distinguished Service, and President’s Awards; and Chamber’s Prism, Corporate Citizen, and Membership Awards; and a communications Golden Receiver Award.
Pellegrin’s BriefCase is a Service Mark (SM) of John D. Pellegrin, P.C., and its contents are copyrighted ©, with all rights reserved. Pellegrin’s BriefCase/blog may be re-posted or commented on if appropriate attribution is given this author.
Comments on/submissions to Pellegrin’s BriefCase are always welcome.