Franchise Update Magazine Issue II, 2017 | Page 42
CYBER SECURITY
BY EDDY GOLDBERG
IT CAN’T HAPPEN HERE (UMM, YES IT CAN!)
May 13, 2017: “Computer-security agencies across the globe Saturday raced to contain the cyber pandemic that spread from a global attack...” (Wall Street Journal)
May 16, 2017: “Wanted: Chief information security officers with board-level management skills, tech knowledge, and low blood pressure.” (Wall Street Journal)
While the threat of that particular attack appeared to be subsiding a few days later, variations were still a possibility—and new, future attacks are a certainty, whether from state-sponsored hackers, cybercriminals, or teenagers out to impress their friends.
No company likes to publicly report a data breach, but these days it seems they’re in the news daily. The reason is simple: it reflects badly on the brand as a whole if a customer’s data is compromised—even if it was the mistake of a single low-level employee in a remote back office. In 2017, no brand, company, or government is safe. It was a hack of the NSA that unleashed May’s massive ransomware attack.
We could try to scare you—for your own good—into acting yesterday to protect your customer and corporate data by publishing a list of the dozens of franchise brands, from restaurants to hotels, that reported data breaches in the past few years. Instead, we’ll focus on what we’ve learned about how to practice safe computing, whether it’s at the point of sale, over a mobile device, online ordering, or from as-yet undiscovered attacks.
We spoke with a cross-section of people involved in cybersecurity and franchising to learn about clear and present dangers and how to safeguard your data—and that of your customers!
Layers of security
And we found the perfect person: Armando D’Accordo, a franchisee and area representative for CMIT Solutions, which manages IT systems for small businesses. With his own territory in Long Island and responsibility for 10 franchisees in New York City and Long Island, he hears a lot about the cybersecurity worries keeping SMB customers up at night.
One big picture shift he’s seen is the evolution of MSPs (managed service providers) to MSSPs (managed security service providers). Months before the recent “WannaCry” global attack, his newsletter warned specifically about ransomware and cited the following statistic: “Barely one month into 2017, cybercrime is already making headlines…. 2016 shattered all previous data breach records, with more than 4 billion records compromised worldwide.”
Many, if not most, security experts expect each year to set new records as both the number and sophistication of hackers and attacks continue to rise. In the face of this onslaught, one of his mantras is “layers of security.”
(Photo caption: Armando D’Accordo)
D’Accordo recommends three actions franchisors can take to minimize the chances that they’ll be victims of a data breach (note that the first has to do with people, not technology):
1) Training, both initial and ongoing, for all employees. With a new client, he says, “We will have a lunch-and-learn session to explain the system we put in place and ask employees to sign that they un-
and something as basic as ensuring the server room is locked.
2) Standardization. The importance of using the same equipment and configuration cannot be overstated, from hardware selection to installing antivirus software—and keeping it updated. “We educate everyone on how important that is—no exceptions, not even the boss,” he says.
3) Layers of security. It’s not enough to have just antivirus software installed on every computer, he says. There’s also antispyware, spam filters, and two-factor authentication (a new hot item he says that is now affordable for SMBs).
“These three things are really important,” he says. “You can have all the technology, but if your employees are not trained to be really careful there’s not much we can do about it. With phishing and social engineering, it’s like having a bouncer at the door who lets everybody in.”
Centralized control
MJ Worsham is the corporate IT manager for The Plamondon Companies, the franchisor of Roy Rogers Restaurants. He oversees all aspects of technology for the company, from internal networks to PCI compliance and POS management, including the recent integration of the Roy’s Rewards loyalty app.
First, he says, educate your staff about the things they can control—most importantly, their own actions. But someone’s bound to slip up,