During the busiest time of the year for online shopping, Smith Anderson Partner Joe Dickinson* sat down with WRAL to discuss how small businesses can protect themselves from hackers and identity thieves.
“Most businesses are familiar with the sensitivity and value of information, but one of the things we see at Smith Anderson, especially with small and medium sized businesses, is they often don’t realize they are primary targets,” Joe explained. “They often have fewer resources, which translates to weaker security, making them easier to compromise. Once those systems are compromised, hackers can use that access to get to larger businesses and get financial and consumer information.”
Joe cautioned maintaining software via patching is a critical component to protecting your business. Software developers are frequently identifying security gaps, improving the software and making those advancements available for implementation. “It is critical that, when you get those software patches, you update your software as soon as possible,” Joe said.
Joe explained that phishing scams are especially frequent this time of year. “Someone sends you an email and it has something in the subject line that’s attractive to you. And this time of year, what’s attractive to everyone? A sale!” Joe said. “It’s very easy to take advantage of those messages that people are attracted to.”
As a last note of advice, Joe suggested both businesses and consumers should be monitoring their systems and changing their passwords frequently. “Change your passwords for the holidays and then, at the end of the holidays, change them again,” he said.
Joe is a seasoned data use, privacy and cybersecurity lawyer with more than 25 years of business and legal experience advising technology companies, as well as healthcare and government entities. His extensive experience includes developing and implementing data privacy and security programs, HIPAA compliance, GDPR compliance, data breaches and governmental privacy-related investigations, technology licensing and transfer, contracts involving data flows and managing the related legal risks and obligations, intellectual property and information technology, and conducting internal investigations related to corporate compliance.
If you are having trouble viewing the video, it is also available on Vimeo.
* Admitted to practice in Ohio, not yet in North Carolina