Privacy, Security, Hacks, and Leaks

Know Your Enemy:

As a CEO, it is important to understand what potential digital threats my organization may face. Knowing my “enemy” allows me to know what actions I must take to prevent these threats from happening. One potential digital threat is a DDoS (distributed denial of service) attack. A DDoS attack “will send multiple requests to the attacked web resource – with the aim of exceeding the website’s capacity to handle multiple requests… and prevent the website from functioning correctly” (Kaspersky, n.d.). With a DDoS attack, my site would be essentially unusable. Getting hit with a DDoS attack could negatively impact my organization’s reputation. An example of this would be the Amazon Web Services attack in 2020; it lasted three days. A second digital threat is spyware. Spyware is a form of malware and is a “malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent” (Kaspersky, n.d.). Having malicious spyware on my e-commerce website would be a serious issue for users’ privacy. Users of the e-commerce site would be entering personal information, and spyware would lead to their login credentials, email addresses, and credit card information getting stolen. PhoneSpy is an example of this. It “pretends to be a mobile application to gain access to and infect Android mobile devices” (Zola, 2022).

Another digital threat to my organization is ransomware. Ransomware “prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid” (Trend Micro, n.d.). My organization sells approximately $1 million in goods each year which, while not the most, is enough to make it a potential ransomware target. “According to Sophos’s The State of Ransomware 2022 report, ransomware attacks affected 66% of organizations in 2021, a dramatic year-over-year increase of 78% compared to 2020” (Proofpoint, n.d.). Although ransomware is mainly about money, the attacker would have access to private data and could potentially leak it if the ransom is not paid. In 2016, there was a ransomware attack called Jigsaw that made an image of Jigsaw (from the Saw franchise) pop up and would delete files each hour that the ransom went unpaid (Kaspersky, n.d.). Additionally, a big reason for digital threats is actually internal human error. My organization is more likely to have its data breached because of a lack of cybersecurity awareness. A common human error that can lead to a digital threat is using public Wi-Fi. When employees use public Wi-Fi, they don’t know who potentially now has access to their data. This is because public Wi-Fi can be unsecured, which makes it more vulnerable to digital attacks (Haan, 2023).

Finally, bad software security, like employees failing to update their devices, is a reason for digital attacks. If their devices aren’t updated, it leaves the software susceptible to an attack. Also, when employees purposely disable security features, they’re potentially compromising the security of the whole system (NVITS, n.d.). If the system is compromised, then my organization is compromised.

Know Yourself:

My company has a number of digital systems in place. The three physical stores have handheld point of sale systems that allow servers to take customer orders and accept payment for their bills at the table (Toast, n.d.). Another important system in place is “order and pay at the table”. This option allows customers to scan a QR code to access the menu, place their orders, and pay for their orders all from their cellphones (Toast, n.d.). As our kitchens continue to streamline processes, we have also upgraded from the chefs receiving paper ticket orders to kitchen display screens. This allows for more efficiency and accuracy from the kitchen to the table. For those customers interested in takeout orders, we have touchscreen point of sale terminals (Toast, n.d.). This allows for a quicker order-taking process, accuracy of ordering, and the ability for customers to pay and tip quickly with the use of a credit card, Apple Pay, Cash App, etc. When it comes to our e-commerce marketplace sales, a mandatory function includes marketing and the actual website infrastructure that powers the e-commerce marketplace.

The digital processes, systems, and functions that are currently being used in my physical restaurant and e-commerce marketplace business have a bigger chance of being exploited or manipulated because everything is digital. This means there is an increased chance of hackers getting into the company database and getting access to customers’ personal credit card information or the business bank account numbers. There is also the possibility of phishing scams corrupting the systems in my business (Rosenberg, 2019). For example, if a staff member opens an email with malware while on the company’s network, private financial data can be obtained and the whole system can be locked up. The more digitized business systems are, the more susceptible they are to cybercriminals.

Develop Your Strategy:

In today’s society, security threats are everywhere, both in person and online. One of the most important things I can do for my company is to develop a security culture. A security culture will include ongoing security training and the understanding that security is the business of everyone in the organization (Romeo, 2023). After all, it’s not computers but people who create security threats, whether they mean to or not (Romeo, 2023). Therefore, it is important to limit access to business databases and to use secured passwords and multifactor authentication systems (Federal Trade Commission, n.d.). Another important way to keep my business safe is to back up important data and to have a recovery plan in case I experience a ransomware attack (DeCarlo, n.d.). As another safety layer, I will work with my IT staff to make sure critical data is encrypted and all firewall protections are up to date and working properly (DeCarlo, n.d.).

References:

Kaspersky. (n.d.). What is a DDoS Attack? – DDoS Meaning. Kaspersky. https://usa.kaspersky.com/resource-center/threats/ddos-attacks

Nicholson, Paul. (2022). Five Most Famous DDoS Attacks and Then Some. A10. https://www.a10networks.com/blog/5-most-famous-ddos-attacks/

Rosencrance, Linda. (2023). Top 10 types of information security threats for IT teams. TechTarget. https://www.techtarget.com/searchsecurity/feature/Top-10-types-of-information-security-threats-for-IT-teams

Rosenberg, J. (2019). Cybercriminals manipulate their way into company computers. The New York Times. https://www.nytimes.com/aponline/2019/09/04/business/ap-us-smallbiz-small-talk-cybersecurity.html

Toast. (n.d.). The most important types of restaurant technology and hardware. https://pos.toasttab.com/blog/types-of-restaurant-technology

Zola, Andrew. (2022). Top 10 Spyware Threats. TechTarget. https://www.techtarget.com/whatis/definition/Top-10-Spyware-Threats#:~:text=PhoneSpy%20is%20an%20example%20of,and%20infect%20Android%20mobile%20devices.

Kaspersky. (n.d.). What is Spyware. Kaspersky. https://usa.kaspersky.com/resource-center/threats/spyware

Romeo, C. (2023). Six ways to develop a security culture from top to bottom. TechBeacon. https://techbeacon.com/security/6-ways-develop-security-culture-top-bottom

Federal Trade Commission. (n.d.). Start with security: A guide for business. https://www.ftc.gov/business-guidance/resources/start-security-guide-business#start

DeCarlo, A. (n.d.). The top 10 network security best practices to implement today. TechTarget. https://www.techtarget.com/searchnetworking/tip/The-top-10-network-security-best-practices-to-implement-today

Kaspersky. (n.d.). Ransomware Attacks and Types – How Encryption Trojans Differ. Kaspersky. https://usa.kaspersky.com/resource-center/threats/ransomware-attacks-and-types

Haan, Kathy. (2023). The Real Risks Of Public Wi-Fi: Key Statistics And Usage Data. Forbes. https://www.forbes.com/advisor/business/public-wifi-risks/#:~:text=One%20of%20the%20biggest%20risks,your%20devices%20without%20you%20knowing.

Trend Micro. (n.d.). Ransomware. Trend Micro. https://www.trendmicro.com/vinfo/us/security/definition/Ransomware

Proofpoint. (n.d.). What Is Ransomware. https://www.proofpoint.com/us/threat-reference/ransomware

hse. (2023). The Dangerous Role of Human Error in Cybersecurity. Hornetsecurity. https://www.hornetsecurity.com/us/security-information-us/human-error-in-cybersecurity/

NVITS. (n.d.). Human Error Threats and How to Prevent Them. NVITS. https://nevadaitsolutions.com/prevent-human-error-threats/
