Okay, so once again—because it seems like news such as this is now just another weekly occurrence—another two million+ credit card numbers have been stolen. This time around it would appear that several major US restaurant chains have been the victims of a malware attack that started back in May 2018 and was just discovered in March 2019.
And though I’m not one for gloom and doom, in this case it’s a serious matter: anyone who has dined at Planet Hollywood, Earl of Sandwich, or Buca di Beppo during that window may very well have a compromised credit card on their hands. In a recent statement, the restaurants’ parent company Earl Enterprises said the incident has been contained, and that people who paid for orders online through third-party services were not affected because the malware was confined to the restaurants’ own payment systems.
This brings me to my ongoing point about IT security. Not to sound flippant, but it’s said that there are only two threats to businesses: those who work for you and those who don’t. In the case of the restaurants, there is speculation that it may have been an inside job, far from the dark recesses of the internet where people imagine nefarious hackers hunched over their keyboards, infiltrating the innocent from the outside. So, what’s a company to do?
Like every other aspect of modern business, security has become highly complex in the digital age. From the need to meet customer expectations on a completely new and ever-connected playing field, to mitigating the risks inherent in being ever-connected: simply put, the game has changed.
When I look back on my previous life, one long before the days of Noble1, IT security was a very different thing. The main focus was the bad guys on the outside with a laser-like focus on the perimeter to stop the attacking forces at the gate.
But in the modern digital age, what is a perimeter? Gone are the days when people shut down their desktop computer at day’s end and went home, not to reconnect until the next morning. Now, people are connected to everything all the time. The idea that malware or any other flavor of malicious attack can simply be stopped at a single point of entry is ludicrous.
For instance, think about your own personal day. You probably connect to work in some way or another through at least three devices, if not more, and are connected with those devices for more than 12 hours each day. That can include your phone, laptop, a tablet, and so on.
Then, of course it’s what you connect to. There is work email, servers, applications, and so on—but that’s not where it ends. There is also social media, online shopping, websites, and more. All of these impact the same devices that connect to work—and vice versa. So what does one do to mitigate the risk of attack?
First, know who is connected to your network. Closely managing your Identity and Access Management (IAM) practices and processes, including a regular review that removes access when a role or contract ends, will ensure that only the right people have access to the right information at the right time. There is no need for a contractor from two years ago to still have server access, right?
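To make that access review concrete, here is an added example (not from the original post, and not any particular product’s code) of the check a company can run against its own account list. The account export, the HR roster, the 90-day staleness threshold and the review date are all constructed assumptions for the example; in practice they would come from the directory and HR systems.

```python
"""Added example: a minimal access review that flags server accounts which
should no longer exist or should no longer have access.

All data below is constructed for the example. Assumptions:
  - an account export with username, account type and last-login date
  - an HR roster keyed by username with status and contract end date
  - service accounts are reviewed by a separate process and are skipped here
"""
from datetime import datetime, timedelta

# Constructed sample export of server accounts (hypothetical users).
ACCOUNTS = [
    {"user": "asmith",          "type": "employee",   "last_login": "2019-03-20"},
    {"user": "jdoe-contractor", "type": "contractor", "last_login": "2017-02-11"},
    {"user": "svc_backup",      "type": "service",    "last_login": "2019-03-21"},
    {"user": "mlee",            "type": "employee",   "last_login": "2018-09-01"},
    {"user": "ghost",           "type": "employee",   "last_login": None},
]

# Constructed sample HR roster. "ghost" deliberately has no record at all:
# an account with no owner is exactly the kind of thing a review should catch.
ROSTER = {
    "asmith":          {"status": "active", "end_date": None},
    "jdoe-contractor": {"status": "ended",  "end_date": "2017-03-01"},
    "mlee":            {"status": "active", "end_date": None},
}

STALE_DAYS = 90  # assumed policy: no login in 90 days means access is reviewed


def _parse(day):
    return datetime.strptime(day, "%Y-%m-%d").date()


def review_accounts(accounts, roster, today, stale_days=STALE_DAYS):
    """Return {username: reason} for every account that fails the review.

    `today` is an ISO date string so the review is reproducible on any day.
    """
    today = _parse(today)
    findings = {}
    for acct in accounts:
        user = acct["user"]
        if acct["type"] == "service":
            continue  # handled by the service-account review, not this one
        hr = roster.get(user)
        if hr is None:
            findings[user] = "no HR record"
            continue
        if hr["status"] != "active":
            findings[user] = f"left on {hr['end_date']}"
            continue
        if acct["last_login"] is None:
            findings[user] = "never logged in"
            continue
        idle = today - _parse(acct["last_login"])
        if idle > timedelta(days=stale_days):
            findings[user] = f"no login for {idle.days} days"
    return findings


if __name__ == "__main__":
    for user, reason in review_accounts(ACCOUNTS, ROSTER, "2019-03-29").items():
        print(f"{user}: {reason}")
```

Run on the sample data, the review flags the contractor whose engagement ended two years ago, an account with no owner in HR, and an active employee who has not logged in for months; the active, recently used account is left alone. The point is that "who is connected" has to be checked against "who should be", not just against a list of who exists.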
Then there’s education. Make sure your people know the right and wrong ways to manage their accounts. And if someone does happen to accidentally click on a wrong link somewhere (human nature being what it is), make sure they know that they can report it without fear of being reprimanded, and that they know the required protocols to follow. And finally, make sure their passwords are real passwords—things that can’t be easily figured out through social media posts … pet names are the worst!
Of course, as for the millions of folks who had their credit cards compromised, there is a lesson there too. Whether it’s personal or corporate cards, due diligence is essential. I for one meticulously go through all my statements every month, and monitor payments through my banking apps to keep an eye on transactions. Stopping something before it gets out of hand can easily save the day—or, at the very least, a long, tough road in getting back lost funds.
The moral: If we live in a digital age where everything is connected, let’s make sure we are truly connected to our online lives. Turning a blind eye to our digital life is no longer an option. From the corporate world to Facebook and beyond—let’s all fight the good fight to inevitably stop the bad guys.