By Steven J.J. Weisman
BOSTON — We all are aware of the dangers of identity theft and many of us do our best to protect ourselves individually from the dire consequences of having your identity stolen. But what about your radio station? Does it even know that there is a problem?
Recently we have learned that both The New York Times and the Washington Post had their computers hacked into by Chinese hackers and this was not the first time. The hacking into The New York Times and the Washington Post do not appear to be financially motivated, but that is of little solace.
Why would an identity thief hack into the computers of your radio station rather than attack the computers of big corporations such as Bank of America. Well, the answer is that they are attacking the computers of the big corporations, but they also are looking toward the computers of small corporations as the low hanging fruit of computer hacking. Hacking into the computers of radio stations and other small corporations that may not be in the Fortune 500 not only can provide information that can be stolen to access your radio station’s bank accounts, but it can also provide personal information about employees, such as Social Security numbers as well as billing and payment information about your advertisers and other companies with which you do business that can be used to make all of these people and entities victims of identity theft. This is happening to small businesses every day. One of the reasons that it is happening is that not enough businesses, small and large, but particularly small, are doing enough to safeguard the security of the data in their computers.
But the problem is not as bad as you think. It is far worse. Recent studies have shown that the present computer security software only catches about 5% of the viruses being used to attack companies and individuals. Security software did not save The New York Times or the Washington Post and it may not save you.
Studies have shown that 40% of small and medium sized businesses have inadequate computer security. A major source of your company’s vulnerability comes from viruses that are welcomed in by employees surfing the internet and unwittingly downloading keystroke logging malware that can read all of the information in the company’s computers, yet many companies do not even have policies in place dealing with employee internet usage. If your employees are going on their Facebook pages at work, you potentially have a problem.
So if you haven’t taken the steps to protect your radio station from hackers and identity thieves, where do you start? Here are 10 steps to help you start the process.
1. Take an inventory of the data that you collect and hold;
2. Inventory how you store this data and who has access to the data;
3. Make a commitment to encrypt your data;
4. Install and constantly maintain Firewalls and security software;
5. Educate your employees about phishing and how to safely conduct themselves online;
6. Consider limiting access to sensitive information to computers not readily accessible by all employees;
7. Utilize and regularly change passwords;
8. Cross shred all documents to be disposed of and destroy electronic records being disposed of.
9. Follow the FTC’s Red Flag rules for businesses
10. Train your employees to identify breaches and regularly monitor your accounts for fraud.
It is important to remember that data security is not a goal, it is a process you must continue as long as you operate your business.
And just in case, you think that radio stations won’t be targeted, it was more than 20 years ago in 1990 that Kevin Poulson hacked into the phone lines of Los Angeles radio station KIIS-FM and won a Porsche in a contest. More recently in Australia two hackers took control of a radio station’s website causing great embarrassment to the station.
Some have likened my dire predictions of identity theft in radio stations to just being a modern day Cassandra, the prophet of doom, however, I must remind you – Cassandra was right. Anyone taking the problems of hacking and identity theft too lightly does so at their own peril.
Steven J.J. Weisman, a practicing attorney, is a senior partner in the talent management firm Harrison Strategies, LLC. He is also legal editor for TALKERS magazine and publisher of the website www.scamicide.com. He can be e-mailed at: firstname.lastname@example.org. Steven J.J. Weisman is available as a guest to discuss the subjects of identity theft and scams. Meet Steven J.J. Weisman at TALKERS New York 2013 on Thursday, June 6.