Your IT security exposure is scarier than you think: But that may mean opportunities for Southwest Virginia
By Scott Robertson
So one day you’re reading your email at the office when you notice a message at the bottom of the screen saying, “This account is active at another location.” The next screen shows an IP address, which you look up, only to find that someone in Lagos, Nigeria is sending messages from your account.
First, change your password. That very second. Next, notify everyone you know that the email is not from you, and that their accounts may be compromised if they open it. Then pray, because IT security breaches are potentially disastrous. Ask the Sullivan County businessman who found himself and all his employees locked out of their computers until they agreed to pay ransom to the offshore hackers who had taken control of them. Ask the small businesspeople across the nation who have gone out of business because of the cost of complying with government regulations on how to handle such a disaster.
A recent cyber security seminar hosted at the Inn at Wise by Travelers Insurance, South-West Insurance, the Wise County/Norton Chamber, Mountain Empire Community College and the University of Virginia-Wise offered information and a great many words of caution to attendees.
Lynda Jensen, senior claim counsel for Travelers told the roughly 100 businesspeople in attendance that hackers are far from their only security breach threats. “Unauthorized access to, and/or acquisition of protected data can come via hacking, via a lost or stolen device such as a laptop or cellphone. It can come from inadvertent transmission of data or by the actions of a rogue employee. It can come from malware or virus. It can even come from third-party negligence.”
And if that shopping list isn’t troubling enough, what happens once a breach occurs is downright scary. Let’s say your computers had account information regarding your customers, clients and vendors from across the country. Your business must be able to prove that, as quickly as possible, it made a reasonable effort to let all of those entities know of the breach, and that their information may have been compromised.
That doesn’t necessarily sound too onerous until one considers the fact that your business must follow the definitions of “as quickly as possible” and “reasonable effort” set by each state in which any of those customers, clients or vendors may have been at the time of the breach. In other words, if you have a client in California, you may have to inform them within a certain number of days via telephone, while Nebraska may require only an electronic notification within a month. It’s on you to find out where all your customers, clients and vendors were at the time of the breach. Then it’s on you to follow the laws of those specific states. The regulators, one seminar attendee noted, can shut you down easier than the hackers.
Jensen’s advice was to do everything you can to demonstrate you have taken reasonable precautions before anything happens. It may or may not help against the hackers, but it will help against the regulators.
Sam Wolford of GENEDGE told the seminar attendees that the next generation of attacks will come from what’s known as ‘the Internet of things,” devices such as medical implants, smart TVs and cars that have chips that can access a network. The guys in the black hats can use those to access your network for nefarious purposes. The infamous Target hack was accomplished by hackers who broke into the network through the HVAC system.
The local opportunity
The hypercrowded IT marketplace in northern Virginia makes starting up a small cybersecurity company almost impossible. So on July 22, the governor’s office announced the signing of a memorandum of understanding between UVA-Wise and the MACH37 cyberaccelerator. Under the agreement, UVA-Wise will operate the Oxbow Center for Technology and Innovation in St. Paul. The Oxbow Center will serve as an accelerator for small cybersecurity start-up companies, with UVA-Wise and Mountain Empire Community College offering their own students courses that will prepare them for work in the cybersecurity field.