Brian Luke Community Blogger, WGRZ-TV

Friday, May 26, 2017

Small Businesses Are the First Line of Defense in Cyber Security


NATIONAL: As we live in a society where ID theft, credit card scams and thievery occur on a daily basis, merchants are the first line of defense in securing a nation of consumers. Unfortunately, some merchants take shortcuts and cheap fixes to save money. These shortcuts place consumers' data at risk, and the lax security of some allows criminals access. The employers are as guilty as the criminals in their complacency and professional indifference to security due to ignorance or greed. The hackers or criminals get the full brunt of blame, which is understandable, until the lax safeguards are exposed. Small businesses and family businesses may specialize in a certain product but not be able to analyze and understand risk. Someone may be making the best pizza, for example at a family pizza place, but if that same family restaurant is tossing out its bank statements unshredded, or repeating credit card numbers back over a phone where people can hear across a counter, things can happen. The fact of the matter is, with the economy the way it is, more small businesses will open. From Uber to Lyft to independent contractors, we need to be cyber smart.

The Federal Bureau of Investigation has listed the crime of identity theft as a national security concern. Merchants are the first line of defense in the war against identity theft, so what should be done at the merchant level to ensure that they are defenders of customer service data? Some important issues are listed herein.

The Bureau states that “A stolen identity is a powerful cloak of anonymity for criminals and terrorists and a danger to national security and private citizens alike. For the FBI, identity theft is nothing new—we've been dealing with criminals faking IDs for decades, from check forgers to fugitives on the run. But the threat is more pervasive and the scams more sophisticated than ever, including online elements. The FBI uses both its criminal and cyber resources—along with its intelligence capabilities—to identify and stop crime groups in their early stages.”

Physical and Virtual Barriers

As a company grows, a strong effort should be made to secure the workplace and require all individuals to pass through a central access point and have their identity and business known by a trusted company representative, such as a security guard or receptionist.

The perimeter of the building may be covered by video cameras, but video cameras serve as a passive form of security that documents events after the fact.

All perimeter doors should be locked at all times and a pass key system should be established, whereby a badge is needed to access a sensitive area of the building. A badge is easy to deactivate once a visitor leaves or an employee is terminated. Simply printing an 8 x 11 sign stating “All visitors must report to the front door” is not sufficient security in a world where individuals with a confident smile, a wave and a clipboard can get into any building on Earth. This was clearly illustrated by Kevin Mitnick, security consultant and author, in “The Art of Intrusion” by Mitnick and Simon, March 2005, and “The Art of Deception,” October 2002.

For anyone who has studied cybersecurity and PCI compliance, it is good to remember that basic cyber security guidelines and PCI compliance guidance run parallel and in concert to keep consumers safe.

Some basic workplace security measures that should be deployed:

A. All employees dealing with customer-sensitive and personally identifiable information (P.I.I.) should be trained in cybersecurity and anti-fraud. It is not enough to train only the one person who has access to the processing gateway. In many cases, especially when new employees are hired, it is likely that training is rushed and poorly presented by an individual who is not a certified trainer.

B. When customers call in, under absolutely no circumstances should credit card numbers be written down on paper. Nor should any customer information be placed in a standard garbage can. It is amazing that some employers in call center environments have separate trash cans for “Food Only” but no burn or shred boxes to shred all customer information that may be printed or written down.

  1. Customers should be politely required to confirm their address or qualifier. Customer Service Agents should not volunteer any information. The incorrect statement would be “You still live at 123 Main Street, in Amherst, right?” (an obvious example). The correct way to do this is “To protect your account, can you please verify your address?”

Internal Controls

Once a visitor enters a building, their access to critical operational areas of the property should be controlled. Tensabarriers (portable barriers that indicate areas that are off limits) and restricted access to floors that do not pertain to the general public should be deployed, and doors to internet commerce areas and channel sales should be locked.

All appointments should be made in advance and confirmed. Any deviation between the person who visits and the person who made the appointment should be recorded and logged for future use. If patterns begin to form, it may be worth review.

Employee supervision is not enough. Once employees enter a workplace that contains consumer information, they should be required to lock their personal belongings in a locker for the duration of their shift, and should not bring jackets, coats, portable media or cellular phones into the work area. Computer screens can be photographed and emailed with ease, and thumb drives containing malicious programs can damage mission-critical equipment.

USB drives can be used for everything from hacking a safe, according to an article by J. Kirk on PCWorld, to converting a drive to hijack internet traffic, as per another article by theconversation.com.

IT Problems and Trends

Your CRM, or Customer Relationship Management software, runs on your computers, including credit card processing, so when the PC slows down, shuts down completely or reboots, it may be a good idea to take it seriously. This is because the calls will still continue and force the PC operator to write down credit card numbers while the PC reboots. Not a great idea. It is important to keep track of these tickets or PC issues to determine if there is a trend or if it is time to upgrade software. If there is a problem with your Microsoft group policies or Microsoft Active Directory, then that is a serious problem, involving the administrative rights and security settings in the registry or on a server on the network. If PC issues are not being repaired and security issues are not being addressed, it may be a good idea to reassess the decision to have some twenty-something manage your IT. The reason is that a customer service representative is only as good, and only as safe with customer data, as his or her tools allow.

Users should lock their screens before leaving their cubicles.

Supervisors should receive basic security training, otherwise all they are doing is watching events unfold, forming their own opinions based on bad information and being blissfully unaware of possible cyber issues.

Losses from Logistics

Once a sale is made, the product actually has to get to the customer, and this is an interesting area of study called supply chain management. Orders go electronically to the warehouse, where differently skilled workers work off of manifests, pick and pack the products, and load trucks. Occasionally, sometimes more than should be allowed, shipping labels “fall off” packages, or FedEx, UPS or USPS labels get destroyed so products cannot be found or traced. The adhesive on a FedEx label is very strong and it takes a lot of sharp marker to obliterate a tracer, but if a package label gets damaged or “falls off,” then each and every occurrence should be tracked and managed, and trends should be investigated. Any missing shipments should be followed up with the appropriate carrier or freight company. If an insurance claim is filed, it would be best to make absolutely sure the product is missing, as insurance fraud is a serious matter.

Employee Theft
If the shipments are going missing because employees are stealing your stock and blaming logistics companies, it should be investigated and those involved should be prosecuted. The cost of no-cost orders to make good on shipments that were not received by customers is only part of the cost involved. There are also costs to your brand, in reference to the value of the brand in the eyes of the customer and stakeholder.

Companies, especially ones that are growing, need to take great pause and understand that their security policy needs to include PCI compliance, cyber security and physical asset security to prevent loss.

Brian Scott Luke holds a Master's in Business Administration, Finance and Accounting, and a B.S. in Communications and Business from Buffalo State, and is a Certified Risk Management Consultant. Mr. Luke has been reporting on Cyber Security for approximately five years and has worked for corporate and utility help desks throughout Western New York.
