Thursday, June 3, 2010

Business Cyber Security

You might have seen the recent news article about Marco’s Restaurant and Lounge’s experience with outside hackers tapping credit card machines and stealing card numbers from customers. Customers have had accounts wiped out, and there are questions about how firewalls and encryption software were breached.


They aren’t alone. There seem to be countless stories of laptops stolen with critical and confidential customer information on them, credit card machines being hacked and personal information being compromised.

While speaking with someone who works in company security, I learned that one of the easiest ways hackers are getting beyond firewalls, hacking networks and sharing viruses is by dropping a thumb drive outside the entrance to a business. Some nice and unsuspecting employee will pick it up, plug it into his/her computer in an effort to find out who it belongs to and bam…they’ve loaded the contents of the thumb drive onto the network.

I’ve been told that this is 75% successful, so it’s a good reminder to educate employees on this type of hacking.

I, along with my colleague Steve McDonald, attended the Indiana Cyber Security Conference this year. One speaker, Dr. Eugene Spafford, Purdue University professor and executive director of CERIAS (Center for Education and Research in Information Assurance and Security), shared that next year marks the 25th anniversary of the first general computer virus that gained traction. There were 120 viruses in 1990, and today a whopping 40-50 THOUSAND viruses are reported daily (hundreds per minute), and the situation is getting worse. We try to stop damage once the virus is identified, but we need to find ways to act proactively.

Several of the conference speakers talked about the importance of processes and policies to support a business cyber security strategy, but everything came back to a common point: people are the most important part of the strategy. It is typically people who mess things up, not the process or the technology.

As an employer, it is important to remember that the most important piece of your security strategy is your people. Pre-screening, compliance monitoring and performance reviews, training, and ongoing education will help keep your team alert to potential cyber security threats.

This was Amy Hershman's last conversation with Bill Taylor.
