Cybersecurity: Protecting the castle

[vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern”][vc_column width=”2/3″][vc_column_text]

Businesses might want to think twice if they think hackers wouldn’t be interested in targeting their business or they have little to lose.

Michael Scheidell, chief security officer for C3 Cloud Computing Concepts, gave an update on some of the latest dangers and how to avoid them at an event sponsored by the South Florida Manufacturers Association. It was held at JC White, a commercial interior design and products supplier in Miramar.

Think about the worst thing your competitors could get, Scheidell said. How about your customer lists, the discounts given to certain customers, a list of vendors and what you pay them for products? Then, there’s the danger of payroll and banking information getting exposed.

The ripple effect could be customers deciding they would rather do business with a more-secure company if a hacking event happens. Scheidell said he has closed accounts at a couple of banks in the past few years because their network security is lax.

In one instance, he was working with the Secret Service on a payroll issue and they watched as $48,000 disappeared from an account.

“Now, they call the bank and the bank should have been able to stop it and get it back immediately. But the bank screwed around and said, ‘Well, no, you did it. You did it. You did it.’ And it took three days for the bank to finally decide that there were 17 people throughout the United States, connected to that client’s account at the same time taking money out,” Scheidell said.

One stunning statistic is 76 percent of businesses that have been hacked don’t know that’s happened until law enforcement tells them.

In one high profile case, Citrix Systems, the biggest software company in South Florida, disclosed that hackers penetrated its networks for five months, making off with financial data on contractors, employees and job candidates.

The FBI told Citrix that the hackers apparently used a number of common passwords to penetrate the company.

Scheidell said he did an audit at one company and found 22 percent of the active passwords were “Password1,” including an administrative account.

“You don’t need a hacker. You just need employees that aren’t paying too much attention,” Scheidell said.

If a company gets hacked, he warned that the FBI can take all of its computers, especially if they were used to hack into other people’s computers.

Data networks can have vulnerability in ways many business people would overlook. For example, printers on a corporate network have a port that could be hacked. Someone could type in text and the next time checks are printed, an extra one is slipped in, ready to be mailed to the hackers.

Companies need to be careful about vendors who have access to their system. One of the most widely publicized incidents involved the hacking of Target, where the information of 110 million customers might have been compromised. One of its vendors, an air conditioning contractor, fell victim to a phishing attack and then malware was able to get the credentials to log into Target’s system. Ultimately, Target’s point of sale system was compromised.

“We just did a simulated phishing attack against a law firm—Harvard-educated lawyers, college degrees—you know, 24 percent of them either clicked on it or downloaded the attachment to see what was in it?” Scheidell said.

RSA, one of the biggest names in computer system, was hacked because a vendor was allowed to access the system without the usually required key fob.

“So, somebody came in, stole all the software for it, was able to break into Boeing, was able to break into the Department of Defense. And six years later, the Chinese had a stealth fighter that looked an awful lot like the one that we’re building,” Scheidell said.

To help avoid falling victim to the cryptovirus, which can encrypt and freeze system access, it’s important to make backups and then make sure they are not connected to the system, Scheidell said. Hackers look for the backups on networks to encrypt them.

Sometimes, hackers don’t or can’t unencrypt systems even if a ransom is paid.

It’s also important to think about what’s sent via email, which is typically unencrypted. Don’t email sensitive data, such as a financial spreadsheet, he said.

Beware of open Wi-Fi hot spots because they could be set up by a hacker posing as a business and collecting your data as it flows through.

Think of what might happen is someone’s phone is lost, stolen or duplicated.

There are too many instances of imposters posing as someone who has lost their phone and getting a SIM chip that let’s them take over somebody else’s phone service.

One strategy to combat hackers is multifactor verification, but Scheidell suggests avoiding text-based verification since someone who has stolen your phone identity will get the text. An alternative used by many companies is answers to pre-chosen questions.

Try not to use passwords or verification answers that would be easy for someone to guess, such as the name of pets posted on Facebook. Scheidell recommends using three to four random words.

When it comes to online sites, Scheidell said to look for online addresses that have “https,” which is the secure version of “http” addresses.

Try to use technology on your phone to make purchases, such as Apple Pay or Google Pay, which create a temporary virtual card, he said. Avoid swiping your card because the magnetic strip too often has all the information to duplicate your card. An unethical worker could be hiding a card skimmer in their pocket.

Similarly, don’t leave the flag up on your mailbox with bills that include checks, which have all your account information.

To secure their systems, companies should look at firewalls and web filters. The latter prevent employees from going to nonbusiness websites where hackers are more likely to lurk. “Some of these less secure websites are loaded with hacks, attacks and malware,” he said.

Realize the seriousness of getting hacked, he said. A credit card company could actually stop you from taking credit cards, Scheidell said. There’s even the risk of criminal liability and jailtime, especially if you are storing health care data.

Companies should carefully examine where their most important data is stored, which Scheidell calls “the crown jewels.” Get a machine that matches the machine that holds the data and test how long it takes to do a restore from a backup. Then, calculate the per-hour cost of being knocked off online, he said. In one case, C3 was doing testing for a pharmacy company that used a third-party service to look up domain names.

“We found problems with it and they called the manufacturer, who said, ‘Oh, no, it’s secure and we know more than these guys.’ They were a big Fortune 500 company,” Scheidell said. “Three months later, every one of these domain servers all throughout the country got hacked and knocked offline. And the pharmacy was not able to ship anything for three days, and it cost him a lot of money.” ♦

[/vc_column_text][/vc_column][vc_column width=”1/3″][/vc_column][/vc_row]

You May Also Like
Miami Virtual Reality Studio Launches Game on Meta Quest

AEXLAB is a pioneer in developing cutting-edge software utilizing virtual reality technology to create an unparalleled combat game.

Read More
Boca Raton Innovation Campus Reveals Six New Leasing Agreements

Four new tenants will join the technology center.

Read More
Cinch I.T. Sets Sights on Fort Lauderdale for Business Expansion

Cinch I.T., a rapidly growing I.T. service provider in the U.S., is planning to expand its support network in various new markets across the country, including Fort Lauderdale. As the

Read More
Cinch I.T.
Levan Center Hosts Successful South Florida Innovation Day

The facility is focused on three themes: innovation, technology, and entrepreneurship.

Read More
Other Posts
New AI Software and Tech News Source Launched by Miami Company

Neon Flux has established itself as a top-performing player in incubating and accelerating digital brands.

Read More
New Partnership Paves Way for Miami-Dade’s First Virtual Production LED Studio

It will be the largest in South Florida, offering immersive real-time environments, Unreal Engine, and in-camera motion tracking and rendering.

Read More
Amerified Launches in Miami to Aid Discovery of U.S. Manufactured Products

The main goal of the tech start-up is to support and enhance the acquisition of construction and infrastructure goods.

Read More

Drew Limsky

Drew Limsky



Drew Limsky joined Lifestyle Media Group in August 2020 as Editor-in-Chief of South Florida Business & Wealth. His first issue of SFBW, October 2020, heralded a reimagined structure, with new content categories and a slew of fresh visual themes. “As sort of a cross between Forbes and Robb Report, with a dash of GQ and Vogue,” Limsky says, “SFBW reflects South Florida’s increasingly sophisticated and dynamic business and cultural landscape.”

Limsky, an avid traveler, swimmer and film buff who holds a law degree and Ph.D. from New York University, likes to say, “I’m a doctor, but I can’t operate—except on your brand.” He wrote his dissertation on the nonfiction work of Joan Didion. Prior to that, Limsky received his B.A. in English, summa cum laude, from Emory University and earned his M.A. in literature at American University in connection with a Masters Scholar Award fellowship.

Limsky came to SFBW at the apex of a storied career in journalism and publishing that includes six previous lead editorial roles, including for some of the world’s best-known brands. He served as global editor-in-chief of Lexus magazine, founding editor-in-chief of custom lifestyle magazines for Cadillac and Holland America Line, and was the founding editor-in-chief of Modern Luxury Interiors South Florida. He also was the executive editor for B2B magazines for Acura and Honda Financial Services, and he served as travel editor for Conde Nast. Magazines under Limsky’s editorship have garnered more than 75 industry awards.

He has also written for many of the country’s top newspapers and magazines, including The New York Times, Washington Post, Los Angeles Times, Miami Herald, Boston Globe, USA Today, Worth, Robb Report, Afar, Time Out New York, National Geographic Traveler, Men’s Journal, Ritz-Carlton, Elite Traveler, Florida Design, Metropolis and Architectural Digest Mexico. His other clients have included Four Seasons, Acqualina Resort & Residences, Yahoo!, American Airlines, Wynn, Douglas Elliman and Corcoran. As an adjunct assistant professor, Limsky has taught journalism, film and creative writing at the City University of New York, Pace University, American University and other colleges.