Tuesday morning’s keynote speaker, Joshua Klein, gave a thorough and much-needed talk about a few of the opportunities being used by today’s cybercriminals and security researchers. The crux of the issue is the layering of technology promoted by modern systems. Highly connected systems can provide huge benefits to the efficiency of your business, but can quickly reach a point of unintended effects when not enough time is spent considering the side effects of systems in aggregate.
Edward Lorenz, father of chaos theory, said it best in the title of a paper: “Does the flap of a butterfly’s wings in Brazil set off a tornado in Texas?” This is what we’re learning, and it is actively taking place every day in a thousand ways. Back in 2012, Mat Honan lost his entire digital life when hackers took advantage of the mismatched security policies between Apple, Google, Amazon, and Twitter to hijack his accounts on all of the above.
But I’m sure you’re tired of the seemingly endless dark side of the Internet. Let’s talk about preventing it from happening to you. Fortunately, there is a simple guideline that will almost guarantee to protect you from the vast majority of attacks and attackers: Be a hard target. If you’re trying to rob a bank, you’re more likely to go after the one who doesn’t post a guard.
Get rid of “passwords”: Remove any single point of failure that can allow someone full access to your systems or services. In the security world, we call this “two factor authentication”. Anything that provides privileged functions should require verification of your identity and permissions by more than one source.
Identify the abnormal: Spend some time learning what “normal” access looks like, and build a profile around it. If you have employees, make sure they know what normal operations are supposed to look like, and can tell when something isn’t going how it should.
Act on a plan: It doesn’t help to identify a problem or authenticate everyone if you don’t have a plan for when it fails. Or for that matter, when the system fails. What will you do when the delivery person can’t provide any ID? Or when you discover an unauthorized person in a guest room? What happens when your list of vendors goes missing, or is out of date?
Review and adapt: Finally, the worst possible situation for a policy or a plan is to be one that exists in a vacuum. The real world constantly changes, new technologies are developed, new ways of using technology come out, and attackers are always getting smarter (or, at least, the tools get cheaper). You should be reviewing your approaches and your plans as often as you can. If you don’t know when the last review was, be the one to speak up. You might just spark a conversation and avoid a serious catastrophe you never saw coming.
Josh Baker is the Product Development Director of HandHeld Hospitality, a hospitality software company leading the way with innovative guest engagement solutions at an affordable price. His experience with big data, ubiquitous computing, usability design, and agile management provide a unique voice and vision to HandHeld’s product line.