When Site Strategics CEO Erin Sparks spoke with special guest Arlie Harman, Chief Information Security Officer at BraunAbility for episode 322 of the EDGE of the Web podcast, they talked about how to achieve security in the digital age. Here’s what we learned:
Big Tech and Data Privacy
Here’s an old statement but it’s still true today: If you don’t know what the product is, then you’re the product. If you’re using a service and you’re not paying for it, just understand that the service provider has to monetize it in some way. If you want to communicate with friends and family and share pictures and do all those sorts of things, then you need to have a social media platform like Facebook. But you also have to understand that the data that you put in there or the activities you do while having the Facebook app installed on your phone or computer is going to feed back into the company running the platform.
But the flip-side is that greater regulation is in order, whether it’s something like the GDPR in Europe or the version California is working with, the CCPA. But there still isn’t a universal cyber regulation, nor a universal breach notification. All 50 states have different types of breach notification rules on how long it can be before you’re told that your data’s been compromised. And it varies by industry as well – different standards for healthcare, different standards for credit card data, New York has its own standards for financial institutions. Arlie does think that poorly-written regulations are worse than no regulations at all.
Consumers have a responsibility to know what they’re getting themselves into, but there’s also the corporate responsibility side of the equation. Companies should tell their customers and users in plain English what data they’re collecting and how they’re using it, and, if they’re sharing it with anyone, how they guarantee those other companies will treat the data in the same way. And users should always have the ability to opt out. Opting out should mean that the company literally turns over all the data it has on you, so you can take it with you and do with it as you please. But if they gave you all your data, would it be in any kind of format a regular person could even understand? Probably not. Most people don’t even bother to read the “terms and conditions” before hitting the accept button.
For a long time, oil was the most valuable commodity on the planet, but now the most valuable commodity has become data. Being targeted for specific types of marketing ads is one thing, but what’s much scarier is how the platforms are being manipulated into propaganda machines that actually threaten the integrity of elections and democracy itself. The fakery that’s happening out there for these purposes needs to be thoroughly outed so people know what’s going on. We’re already further down that rabbit hole than anyone cares to admit, and the results are profoundly unsettling. When you have a razor-thin election, the manipulators don’t have to swing 51% of voters in a mass influence campaign; they only need to nudge it one way or the other by a very small percentage, 2% or even less.
The Digital Security Threats of Today
Packet Sniffing: Think of “packets” as the way data physically gets moved around on the internet or any digital network. Packet Capture, or PCAP, is when you intercept the flow of data traffic on a digital network to eavesdrop on or even modify the data, and the tool you use to do this is called a “packet sniffer.” When bad hackers do this, it’s called a man-in-the-middle attack. Going back to the previous discussion of VPNs, a VPN is a man-in-the-middle company you’re opting into for greater privacy in your web browsing. You’d better hope your VPN is trustworthy, because they can see everything you do.
Phishing is when someone sends you emails that appear to be legitimate requests for personal data, or that try to get you to click through to a website (with malware) or open an attachment (with malware). Phishing is called “whaling” when the targets are executives at companies. And it’s called “spear phishing” when specific individuals are targeted, such as the system engineers of a particular company found on LinkedIn, who are attacked at home in order to work back into their company.
Ransomware such as CryptoLocker is one of several forms of digital extortion. The bad hackers hold your systems and/or information hostage, locking you out of your systems or encrypting all your data until you pay a ransom.
Arlie once got a call from an executive who said he’d received an email that talked about compromising photos taken from his laptop, and the senders had a password as well. Aside from wondering why this executive seemed so nervous about the incident, Arlie pressed him about the password, which turned out not to be for the website in question but for another website. This means the scammers got lucky with “credential spraying” or “credential packing”: the hackers take a bunch of the most commonly used passwords and plug them in to see if they get lucky.
For all these different scams, an ounce of prevention is worth a pound of cure. What this means is: have an incident response plan and exercise it, so you know what you’re going to do when the crisis hits. Make sure you have good-quality backups and have put thought into your business continuity and disaster planning, so you don’t have to fall victim to extortion. Create a plan by starting with the kinds of attacks described above. If a scammer were to send an email to someone in our organization, what would be the worst thing that could happen? Anyone who has the ability to send cash outside the organization needs to understand what they should be doing. You have an emergency plan at home for fires and storms, and active shooter plans in schools and companies, so have a cybersecurity breach plan as well.
Connect with Arlie Harman and BraunAbility
Twitter: @BraunAbility (https://twitter.com/BraunAbility)
Facebook: @braunability (https://www.facebook.com/braunability)
Site Strategics and Your Digital Marketing ROI
Is your investment in digital marketing paying off? We can help you find out how you’re really doing with a Digital Marketing ROI Report from EDGE sponsor Site Strategics that examines your existing SEO, content, social media, and PPC. Visit https://edgeofthewebradio.com/roi/ to get 30% off a comprehensive review of your digital assets!