Originally printed and published by the Knoxville News Sentinel on Sunday, September 09, 2012
Security check: Businesses must be diligent in combating cyber crime
By Carly Harrington
Sunday, September 9, 2012
When Tyler Fogarty’s laptop was stolen from his car earlier this year, the Knoxville Realtor feared he’d never see it again.
In one fell swoop, the thieves had six years worth of client information and access to his email, not to mention personal photos, videos and a file listing all of his various passwords.
“It’s the worst feeling in the world. I had just considered it gone,” Fogarty recalled.
These days business owners and professionals are equipped with an increasing supply of gadgets that can easily contain personal information, proprietary data and intellectual property.
As they become more reliant on technology to conduct business, they also become more vulnerable to crime, according to security experts.
For Fogarty, the lesson could have been a hard one. His laptop was recovered after Allevia Technology owner Stefan Wilson was able to surreptitiously place a tracking agent, Prey, through remote access software that had previously been installed.
Once connected to the Internet, the agent engaged the laptop’s web-cam sending Wilson screenshots and photos of the thieves, one of whom had been on Facebook. He forwarded them to the police who retrieved the laptop less than two days later.
“It changed the game instantly,” Fogarty said. “It was unbelievable.”
Wilson, who is now talking to Fogarty about backing up his data, has started recommending the software to clients.
Still, one of the biggest mistakes people make is using simple passwords.
“You’ve got to have a complex password. People groan at me. ‘You mean I’ve got to throw another special character in there,’ ” Wilson said.
To drive home his point, he uses an example of a person who makes their password hint the answer to “What is the name of your dog?” That person will then get on Facebook, their account open to public to view, and there’s a picture of them and Fido.
“Just like that, I’ve got the dog’s name,” Wilson said. “You don’t think of that level of interconnectedness, but if I’m smart I can pretty easily figure this stuff out. It’s really incumbent on the individual to just think, if I was going to hack myself what would it look like.”
Jason Graf, a security consultant with Sword and Shield Enterprise Security, said such issues can be a challenge especially for small businesses in a growth spurt. It’s not unusual to see small- to midsize businesses have their server in a closet and not being backed up because they’re focused on running the business.
“Everybody is susceptible to be put in a bad situation,” Graf said. “For a small business, the most important thing is to have someone you can trust, inside or out who can weigh these risks vs. rewards.”
For example, Graf points to a program like DropBox, a file-hosting service that allows users to access data on multiple devices, where an employee is possibly moving data between a work computer and a personal laptop that may not be encrypted.
Solutions don’t have to be complex, Wilson said. It can be as simple as providing education or training orientation.
When a company can’t spend thousands of dollars preventing breaches, they can spend more time on educating employees, he said.
“Small businesses often devote little time on how to interact with the system and emphasizing, ‘Don’t click on this email,’ ” Wilson said. “Things like that go a long way.”