Chapter 14

Cyber Security

Easy Ways to Stay Safe

One of the key elements of operating a business that many people don’t like to think about is cyber security. It’s easy to push it aside and decide to deal with it tomorrow or, sadly, not at all. Suddenly, a security breach occurs and you’re wishing you had protected yourself.

Cyber security matters whether you’re running a software company or a knitting shop. Everyone is a potential target. It’s not the most fun part of running a business, but not paying attention to how you handle these matters can be devastating. In order to keep your company and yourself safe, consider these items:

ITEM #1 BEWARE OF THE USB

When President Trump met with Korea’s Kim Jong-un in Singapore, the temperatures soared. It was hot in Singapore. Journalists covering the summit each received an interesting gift bag that contained water bottles, a handheld fan featuring the faces of Trump and Kim, and a miniature electric fan. To cool off, all you had to do was insert the fan into your computer’s USB port. If this seems like a terrible idea, you are completely right. Think about it. A Chinese company had manufactured USB-powered fans that the government provided to reporters. What could go wrong?

The reality is that using USB devices is an extremely common method of gathering intelligence. If China altered these USB fans for spying purposes, it wouldn’t have been the first time. According to a Washington Post report, “In 2008, Russian agents planted virus-carrying USB sticks in retail kiosks around NATO headquarters in Kabul, Afghanistan, to gain access to a classified Pentagon network.” The frightening thing is that the countries that use USB devices to spy aren’t just targeting other spies. They’re also targeting average citizens like you and me. So, I wanted to share some basic precautions you should follow:

Don’t trust unknown devices: Never plug a USB device that you didn’t personally purchase, or that didn’t come from someone you know and trust, into any of your personal devices. If you find some sort of USB device with the presidential seal on it or a giant sticker that reads TOP-SECRET INFORMATION, don’t let your curiosity get the best of you. Chances are you’ll regret it when your computer is infected with malware.

Purchase from reputable companies only: When buying USB devices, make sure to purchase them from a reputable company or manufacturer. I certainly don’t recommend buying one off Craigslist or eBay.

Don’t share: Be careful using the same device on multiple computers. Now, I realize the entire point of a thumb drive is to be able to move files from one computer to another. However, this is incredibly risky because you can cross-contaminate your computers if the USB device happens to be infected. For sharing files among different computers, I recommend using cloud storage because the cloud encrypts your information. Using a compromised flash drive, charging cable, or mini fan on different computers could infect all of them.

Use biometric authentication and strong passwords: Depending on the device, some USB devices can be set up to require fingerprint authentication or a password. You should absolutely use these options on any device you can. This way if the device falls into the wrong hands, you won’t have to worry that someone will simply add malware and give it back to you, putting your information at risk.

ITEM #2 BEWARE OF SMART HOME AND OFFICE TECHNOLOGY

A thirty-one-year-old Springfield, Missouri, man named Marcus decided to jump on the smart home bandwagon and change all of the devices in his house for more modern, high-tech versions. And I mean ALL. He didn’t just change a light bulb or two. Marcus spent thousands of dollars on thirty Philips LED light bulbs, two Ecobee thermostats, eight temperature sensors to put throughout his house, and an August Smart Lock for his front door. But then there was trouble in paradise. When designing his smart home ecosystem, Marcus chose devices that were compatible with the Apple HomeKit. That way he could use his iPad as a voice-controlled base station for all his connected devices. For the first month, everything worked flawlessly. The lights in his home would gradually brighten after he woke up and he was able to unlock his front door as he approached.

Then one day, as Marcus was leaving for work, his neighbor stopped him in his driveway and asked if he could borrow a cup of flour. Of course, Marcus said, “Sure!” That’s when things went south. Marcus watched as his neighbor simply walked up to his front door and said, “Hey, Siri, unlock the front door.” Marcus’s front door unlocked. After the initial shock, Marcus tried doing the same thing multiple times to see if it was a one-time fluke or if it was truly that simple for someone else to get into his house. Unfortunately, each time he tried to unlock the door, it opened easily. The problem was that Marcus’s iPad was in his living room not far from the front door. The iPad could hear the neighbor’s command and it unlocked the door for him. The next day Marcus removed the smart door lock.

THE HUMAN FACTOR

To be clear, this problem was not caused by a security flaw with the iPad or the August Smart Lock. It happened because Marcus didn’t require a password on his iPad. If there had been a password, he would have had to physically go over to the iPad, enter the password, and then say, “Hey, Siri, unlock the front door.” Marcus admitted he didn’t do this because enabling a password would defeat the purpose of having smart technology in his home. The whole point was to be able to control things without having to physically do anything.

The fact is that many homes and offices these days are being equipped with smart technology. However, one of the biggest security risks when buying, selling, or even renting a home or office space these days is the vulnerability of this technology: what information you are exposing and whether people can use it to get into your home or your office (or both if you work at home like I often do). Here are three things to consider whether you are buying, selling, or renting a home or office space with any piece of so-called smart equipment:

Inventory the devices. The first thing you should do when buying a new home or renting an office is inventory the smart technology devices currently installed. Decide what you want to keep and what you want to get rid of and immediately disable any devices you don’t want.

Remove old profiles. Most smart devices have a user profile that contains a log of the user’s information and habits. For instance, most security systems record when you come and go, which could reveal your work schedule or daily habits to a potential criminal. Also, if there is a monthly fee associated with any of your devices, call the monitoring company and ask them to remove your payment information when you sell the house. Don’t forget to submit the required documents showing a change of property ownership.

Update and reset. Whether you are moving in or moving out, update and restore all smart devices to their factory settings. Be sure to change all system passwords and user names upon taking possession of a new home. If possible, create unique passwords and user names for administrative accounts that are different from the everyday log-ins. Last, reset access and guest codes for home alarm systems, gates, and garage door openers. The last thing you want is to end up like Marcus where anyone could enter your home for a cup of flour—or something more.

Personally, I don’t have any smart devices in my home, which is also where I do a lot of my work. They’re just too easy to hack at this point. It’s a risk to my home and my business. And if the power goes out (or the entire grid goes down), I still want to be able to get in my front door and I don’t want my business to be compromised. Imagine not being able to issue commands to your home because your iPad is dead and you can’t charge it. In other words, I like to keep things simple and unlock my door the good old-fashioned way. Whatever you decide is right for your home and workplace, just be sure to be careful.

ITEM #3 BEWARE OF USING THE TRUTH WHEN SETTING UP NEW ACCOUNTS

You’re shopping online and find the perfect anniversary present for your wife. It’s a beautiful, handmade necklace sold by a mid-sized national jewelry manufacturer. You happily put it in your cart and start typing in the information to make your purchase. You’re asked to set up an account and you start adding your address, email, phone number, et cetera. Then come the typical security questions, like “What is your mother’s maiden name?” That’s when you should stop. Get ready to lie like a rug. How many times have you set up an online account and been asked pertinent information such as your birth date or mother’s maiden name? If you’re asked for this information when creating a new account—make it up! Just be sure to make up something you will remember if you ever need to recover your password.

The reason you should lie is that these details are easy to figure out using social media (this is also the reason you should be wary of what you post). Let’s say you post a picture of your mother. From there a hacker would be able to look at your mother’s social media accounts and they could easily find out her maiden name. Ultimately, you shouldn’t even use your name when you create an account. Instead, use another word you will remember, such as “Hawaii” or “peanut.” The fact is, a harmless social media post about a family reunion could turn into a big mess if the wrong person sees it and does a little bit of digging.

ALWAYS GO BACK TO BASICS

Don’t recycle: One of the best things you can do to keep your information safe is to use good passwords. Never reuse a password on multiple websites and be sure to regularly change your passwords on ALL of your accounts.

Say yes to two-factor: In addition, always enable two-factor authentication for logging into websites. This will require you to use another form of identification—such as entering a code sent to you by text message or email—as well as the password you created.

Use a manager: Another option to consider is using a password manager, such as LastPass. This will help you securely store all your different passwords for your online accounts.

Cyber attacks are easy to get away with and difficult to stop, which means they’re only going to increase. The thing is, cyber crimes are simply a numbers game. Hackers know that if they contact a large number of people, someone at some point will always take the bait. That’s the reason so many hackers are so successful and rarely get caught. The more you can do to secure your online accounts, the better. The tougher you make it for hackers to penetrate your accounts and collect critical information, the more likely they are to move on to another target who isn’t as secure.

ITEM #4 BE AWARE THAT OTHERS ARE LIKELY LISTENING IN ON YOUR PRIVATE PHONE CALLS

Currently, an estimated 6 million people call the Washington, D.C., metropolitan area home. With a population of that size, it’s easy for people (and things) to blend in. Let’s say someone left a small item the size of a suitcase in an alley or under a stairwell. It would likely go unnoticed for a while. Well, that’s exactly what’s happening around our nation’s capital. Now, these aren’t just empty suitcases or bags belonging to homeless people. They aren’t homemade explosives either—thank goodness. They are small electronic gadgets designed to mimic a cellphone tower. In other words, these devices trick your phone into connecting to them instead of an actual cellphone tower, thus intercepting your phone call.

SOMEONE IS LISTENING

According to the Department of Homeland Security (DHS), these spying devices are a growing risk. They have been found in several high-profile areas, including near the Trump Hotel on Pennsylvania Avenue. The DHS warns that these devices could prevent cellphones from making 911 calls as well as intercept calls and messages. Even worse, authorities have confessed they haven’t determined who is operating them. Most likely, these devices are being deployed by foreign governments. Most U.S. government officials believe it to be either China or Russia. The bottom line is that we know that our cellphone communications are easily listened in on and that a massive amount of data is constantly being collected. In fact, I was recently talking to a former agency colleague who told me he assumes every phone call he makes is being monitored—and he’s probably right. That’s why I want to introduce you to three different smartphone applications that can encrypt your phone calls. For the sake of your privacy and security, I recommend using them—no matter where you live.

  1. Silent Phone: This app is available for both iOS and Android and is free for most users. Silent Phone protects calls, video chat, and messaging with end-to-end encryption (as long as both people are using the app). Silent Phone does allow communication with nonusers, but you will be secure on your end at the very least. In addition, you can securely send PDF, DOCX, MOV, MP4, PNG, and JPEG files, which is a great feature if you want to keep your business dealings private. You can even do encrypted conference calling, so if you wanted all your employees on a secure call together, this would be the best app for you.
  2. Signal: This is another free application for iOS and Android phones. It also uses end-to-end encryption, which means the server never has access to any of your communications and does not store any of your data. One of the best things about this app is that it allows you to use your same cellphone number—it doesn’t require you to create separate log-ins, usernames, passwords, or PINs to use the app. For those who are tech experts, this app is open source—anyone can verify its security protocol to make sure it’s top notch. Another beneficial feature of this app is that you can create fully encrypted group chats. The app never has access to the group’s metadata, so the company can’t identify who joined the group chat.
  3. Apple FaceTime: This application is exclusive to Apple products, but it’s free and available for use on iPhones, iPads, and Mac laptops and desktops. Apple has no way to decrypt FaceTime data when it’s in transit between devices, so unlike other companies’ messaging services, Apple can’t scan your communications. Even if a federal court ordered Apple to produce communications between people on FaceTime, the company wouldn’t be able to do so simply because it doesn’t store that information. There is no question Apple is one of the leading tech companies when it comes to protecting the security of its users.

In this day and age, I would tell every American to act like there is always someone listening in on their phone conversations. With the spying that goes on these days, everyone is at risk—even if you aren’t a clandestine government employee.

I believe in empowerment. I believe in self-reliance. The truth is, we all have areas of our lives where we need more help than others. It’s been my experience that some entrepreneurs are reluctant to dig in and take care of their own cyber security. I hope this primer has shown you that some of the most basic and most important cyber security measures you can take for your company are easy to implement. You’ve worked hard to build your dream company, and you deserve it to be protected and safe from harm.

SELF-RELIANCE:

The Power Is in You

I’m grateful every day that I had the opportunity to work as an intelligence officer on behalf of the United States. I’m also in the unique position to continue working with former intelligence officers in my day-to-day work. I’ve shared many spy concepts with you, and I absolutely believe they will help you grow your business—but just remember that all of this boils down to one thing: You alone have the power to create, build, and grow the business you’ve always dreamed about. Spies in the field are the most self-reliant people out there. A deep commitment to self-reliance is what will keep your business moving ahead and thriving, even when facing obstacles that make doing so feel impossible. Intelligence officers face unimaginable situations, and in those dark moments the one thing they can always tap into is their self-reliance. You too must believe that you are capable and possess the right skills and experience to take care of yourself and survive at any moment.

I know that running a business can feel like climbing a mountain; it’s about putting one foot in front of the other, and often it feels like the journey will never end. Sometimes the climb gets easier, and you can even take a moment to stop and enjoy the view. And then it gets tough again. Those difficult moments are when we grow the most. They’re when we discover a new way to tackle a problem or find that we’re ready to embark on a new venture. As you’re moving forward, one step after the other, just remember that the power is in you. Self-reliance will give you the strength to get to that next positive place every time.