Who doesn’t dream of robbing a bank? But this is the real world, so you need to scale it down a little. You don’t really rob a bank, there’s too much security, too much heat. Instead, you rob a convenience store. It’s not as much cash up front, but it’s more likely to go your way, and those small jobs add up. And even if you get caught, it’s less prison time than sticking up banks.
In cyberspace, criminals already think like that, which is why your small company and its private records of customers and employees are all in such danger. For every data breach of a Target or Ashley Madison that makes world headlines, there are dozens of attacks on small and medium-sized companies no one outside the company hears about.
This, of course, doesn’t mean these smaller-scale attacks can’t be devastating. A hack of a homepage can be costly if you take payments through it. It just means these small jobs are safer to pull because security is lighter at small companies.
So just where in all this does your iPhone come into play? Simple — in today’s workplace, where every employee carries mobile devices they use to access company records and databases, bringing our own technology to work can put any company at as much risk for a breach as it can boost that company’s productivity.
For Michael Markulec, getting through to smaller and mid-sized companies about what happens when cybersecurity is an afterthought is a prime concern. Markulec is a partner at Pennington-based Harbor Technology Group. Most of his job is spent considering just how easy it is for shady people to get into your system and walk away with armfuls of information tailor made for the black market.
He will join Jim Bourke from WithumSmith & Brown to present “Bring Your Own Device: How Technology is Changing the Modern Workplace” at the Princeton Chamber on Tuesday, October 11, at 7:30 a.m. at Springdale Golf Club. Cost: $40. Visit PrincetonChamber.org.
Born in Trenton to an accountant mother and electrical engineer father, Markulec earned his bachelor’s in mechanical engineering from Norwich University in 1987. With degree in hand, he had two options — go sit behind a desk in an engineering firm or join the Army as a combat engineer and “blow up stuff.”
He opted for the fun one and spent almost five years in the Army as an engineer officer. In 1992 he started his engineering life in the civilian world with Pirelli Cables, then moved on to engineering-related sales positions for a few years. Markulec joined Lumeta in 2001, becoming CEO by 2010. At the end of that tenure he also became a member of the Hopewell Township Committee and served as mayor. He is also a member of the Hopewell Township School Board. He got into cybersecurity by 2013 and soon started Harbor Technology Group.
Critical assets. Small and mid-sized companies don’t have the cash flow of a major multinational. This creates two problems. There’s the obvious one of not being able to afford fancy, airtight cybersecurity systems, but there’s also an intangible, Markulec says. A lot of smaller companies develop the belief that they are under the radar, that no one would go after, say, patient records at a nursing home that employs fewer than 100 people.
But criminals are drawn to these companies for that very reason. That sense of “we’re not worth it” is the same one convenience stores have that banks don’t.
The good news, Markulec says, is that small companies can actually do a lot to deter cybercriminals. It begins by identifying critical assets, such as your intellectual property or client and employee records. Once you know what they are, firewalls, backups, anti-virus programs, and network passwords can be excellent, cost-effective protection.
The value of information. So why, a non-crook may ask, would anyone want my record of a visit to the doctor? Well, basic identity theft can be rather lucrative.
“There’s a black market for this information,” Markulec says. “Just a credit card number might be worth a couple pennies; a credit card with an address can be worth $20. But a medical record on the black market can be worth thousands because they can bill against it.”
If someone gets your full history, they can set up dummy billings and soak insurance and patients for a lot of money, Markulec says. When they move on, you’re left with damaged financial history and the business the information was stolen from has potentially hundreds of thousands of dollars in damages to contend with.
One solution most smaller companies overlook, Markulec says, is data breach insurance. Larger companies protect themselves, but smaller companies often don’t consider it, though they should. Even if it won’t help prevent a breach, he says, it will help you settle the financial fallout.
BYOD. Today’s workplace has a bring-your-own-device culture. Employees at all types of companies use their personal devices to help them work. And, often, companies give employees mobile devices to do their jobs and use personally if the need arises.
People being people, Markulec says, they don’t think about the end-to-end problems that could come from someone giving her eight-year-old son her work tablet in the car on the way home from school. Companies, however, should be thinking end-to-end, because that little boy is on a device connected to a business network. And if he manages to get online and find a game to play, for example, he might be opening up the network to the wrong people.
One new trend, Markulec says, is called CEO phishing. Criminals get into a CEO’s email (an address they often learn from Google or a hacked employee’s email account) and learn things like the boss’ travel schedule. Then they set up wire transfers to net some quick cash while the CEO is busy doing travel things.
Keeping devices in secure networks is pivotal to keeping all devices and the network itself safe. The point is, don’t get complacent in your thinking.
“Sixty-two percent of all cyberattacks are against small and medium-sized businesses,” Markulec says. “Why don’t people rob banks? Because it’s hard, so they rob a convenience store.”