Franchise Update Magazine Issue II, 2017 | Page 42

CYBER SECURITY BY EDDY GOLDBERG IT CAN’T HAPPEN HERE (UMM, YES IT CAN!) May 13, 2017: “Computer-security agencies across the globe Saturday raced to contain the cyber pandemic that spread from a global attack...” (Wall Street Journal) May 16, 2017: “Wanted: Chief infor- mation security officers with board- level management skills, tech knowl- edge, and low blood pressure.” (Wall Street Journal) W hile the threat of that par- ticular attack appeared to be subsiding a few days later, variations were still a possibility—and new, future attacks are a certainty, whether from state-sponsored hackers, cybercriminals, or teenagers out to impress their friends. No company likes to publicly report a data breach, but these days it seems they’re in the news daily. The reason is simple: it reflects badly on the brand as a whole if a customer’s data is compromised—even if it was the mistake of a single low-level employee in a remote back office. In 2017, no brand, company, or government is safe. It was a hack of the NSA that unleashed May’s massive ransomware attack. We could try to scare you—for your own good—into acting yesterday to pro- tect your customer and corporate data by publishing a list of the dozens of franchise brands, from restaurants to hotels, that reported data breaches in the past few years. Instead, we’ll focus on what we’ve learned about how to practice safe com- puting, whether it’s at the point of sale, over a mobile device, online ordering, or from as-yet undiscovered attacks. We spoke with a cross-section of people involved in cybersecurity and franchising to learn about clear and present dangers and how to safeguard your data—and that of your customers! 40 Franchiseupdate ISS U E II, 2 0 1 7 Layers of security and something as basic as ensuring the And we found the perfect person: Ar- server room is locked. mando D’Accordo, a franchisee and area 2) Standardization. The importance representative for CMIT Solutions, which of using the same equipment and con- manages IT systems for small businesses. figuration cannot be overstated, from With his own territory in Long Island and hardware selection to installing antivi- responsibility for 10 franchisees in New rus software—and keeping it updated. York City and Long Island, he hears a lot “We educate everyone on how impor- about the cybersecurity worries keeping tant that is—no exceptions, not even the SMB customers up at night. boss,” he says. One big picture shift he’s seen is the 3) Layers of security. It’s not enough evolution of MSPs (managed service pro- to have just antivirus software installed viders) to MSSPs (managed security ser- on every computer, he says. There’s also vice providers). Months before the recent antispyware, spam filters, and two-factor “WannaCry” global attack, his newsletter authentication (a new hot item he says warned specifically about ransomware that is now affordable for SMBs). and cited the following statistic: “Barely “These three things are really im- one month into 2017, cybercrime is al- portant,” he says. “You can have all the ready making headlines…. 2016 shattered technology, but if your employees are not all previous data breach re- trained to be really careful there’s not much we can do cords, with more than 4 bil- lion records compromised about it. With phishing and worldwide.” social engineering, it’s like Many, if not most, secu- having a bouncer at the door rity experts expect each year who lets everybody in.” to set new records as both Centralized control the number and sophistica- MJ Worsham is the corpo- tion of hackers and attacks continue to rise. In the face rate IT manager for The of this onslaught, one of his Plamondon Companies, the mantras is “layers of security.” franchisor of Roy Rogers D’Accordo recommends Armando D’Accordo Restaurants. He oversees all three actions franchisors can take to mini- aspects of technology for the company, mize the chances that they’ll be victims from internal networks to PCI compli- of a data breach (note that the first has to ance and POS management, including the do with people, not technology): recent integration of the Roy’s Rewards 1) Training, both initial and ongoing, loyalty app. for all employees. With a new client, he First, he says, educate your staff about says, “We will have a lunch-and-learn ses- the things they can control—most impor- sion to explain the system we put in place tantly, their own actions. But someone’s and ask employees to sign that they un- bound to slip up,