If you’re a business reading this in 2022, having weathered a pandemic, you are resilient. But today, I’m here to talk about business resilience in a different context. I want to talk about how you can build business resilience by being cyber-secure.
Have you noticed that in recent times, we hear about cyber crimes more often than we used to? We hear about huge companies having their data breached and more and more individuals being approached by scammers and hackers every day. The rise in numbers is no coincidence: cybercrime is more rampant than ever.
Read on as I go through what cybersecurity is, why it matters to your venue, how to find the best software provider to protect your data, and some best practices you and your team can implement to keep your data secure in-venue.
What is cybersecurity?
Cybersecurity is the protection of data on internet-connected devices from malicious electronic attacks by spammers, hackers, and cybercriminals. Companies use this practice to protect against ransomware attacks, phishing schemes, identity theft, financial loss, and data breaches.
Why is cybersecurity important?
Cybersecurity is vital because, in today’s world, almost everyone and everything is online. And while the internet has provided us with an array of conveniences, the problem is that data security is evolving faster than the technology supporting it.
Think about it: for every new kind of technology that comes out, doesn’t it seem like someone is hacking into it only a few months later? So, it is more pertinent than ever to pay attention to cybersecurity.
How does cybersecurity relate to operating a venue?
Cybersecurity is crucial to the smooth running of a venue.
As the attacks mentioned above become more lucrative and systems (venue management systems included) become more complex, attacks are happening more often and are more successful than they used to be.
This is a concern for venues as cybersecurity is directly linked to business resilience. It is one of the biggest threats currently.
So the answer to how you can protect your venue from cyber attacks is two-fold:
- Ensure that your software provider adheres to the highest data security standards, and
- Follow data security best practices when running your venue.
Let’s look into these two points in more detail.
What data security questions should you ask a potential software provider?
Your data’s security starts with your software provider. If they do not adequately store and secure your data, your in-venue data-security efforts will be less effective.
So let’s look at some questions you can ask a potential software provider to ascertain whether your data will be safe with them.
1. Is your data encrypted?
Non-encrypted data is more vulnerable to breaches.
Encryption provides another ‘layer of defense’ when protecting sensitive data. The more ‘layers’ your provider has between sensitive and publicly available data, the better.
2. Do you treat all data as sensitive data?
Continuing on from the above, ensure that your provider treats all data as sensitive.
When booking data, for instance, is treated as sensitively as a guest's credit card details or your employees' bank account details, this makes for an incredibly secure system where all data is protected equally, and the possibility of a breach occurring is significantly lessened.
3. Do you regularly complete audits and testing for system weaknesses and bugs?
With the current state of cybersecurity and attacks, software providers these days must carry out thorough and regular checks and balances on their systems.
If the provider can catch the vulnerabilities and bugs in their systems early, they can rectify these things before an attacker discovers them and takes advantage.
What are some cyber security best practices that your venue can apply?
The benefit of using a cloud-based system is that the software provider bears the data security burden, not you.
However, although data security starts with your software provider, security is a shared responsibility. Providers will secure your data as much as they can on their side, but you will need to monitor the maintenance of data on your in-venue devices.
Here are some best practices that can help in your efforts.
1. Limit the number of employees who have access to sensitive devices
Ensure that only the employees who need access to sensitive data have it, and that if an employee leaves, their accounts are deactivated so that they cannot log in from anywhere else.
Less exposure = more secure.
2. Educate employees on data-security best practices
Ensure that employees know the basics of data security, such as logging out when they are finished with their session and never sharing passwords with other team members.
Also, ensure they are not using the venue’s devices for anything else that could potentially facilitate a cyber attack. For example, if they install software from an insecure source on your device and it turns out to be malicious, it can corrupt your systems and lead to ransomware attacks.
A rule of thumb here could be that no personal browsing or downloads are to happen on company devices.
3. Use strong passwords or a password manager
Using strong and complex passwords is highly recommended. Even better is to ensure that you use different passwords across different platforms because if one of your passwords gets exposed, all your other accounts will still be safe.
Additionally, consider using a password manager. Your employees will only have to remember one very complex password; from then on, the password manager will generate random passwords for every platform whenever you need to sign in.
So your credentials will be super secure, and your employees won’t have to remember many passwords either — win-win!
4. Install antivirus on devices
There are plenty of reasons to install antivirus on your device, but the stand-outs include:
- Defense against cybercriminals and hackers
- Data and file protection
- Firewall protection from phishing attacks and spyware
How does ROLLER keep data secure?
At ROLLER, our systems are attacked every 10 minutes or so, which means we must stay vigilant at all times.
To combat these attacks, we do a variety of things, such as:
- Adhering to the most rigorous global data security standards
- Encrypting our data
- Maintaining layers of security between sensitive data and public data
- Treating all data as if it’s sensitive data
- Employing the best engineers to build robust systems
Penetration testing and audits
Conducting constant, rigorous checks and balances on our systems is of the utmost importance to us — especially considering how often cybercriminals target us. It is how we find weaknesses before hackers exploit them.
Recently, we completed a full audit and penetration test, for which we hired an external third party to attack our systems over a period of weeks to see if they could break things or expose our data. Afterward, they reported any bugs and problems to us. Happily, we passed this compliance test and rectified all the minor issues it found.
We also received an ISV certification from AWS after they completed an audit of our systems. It was a foundational and technical review to ensure we kept to the highest data security practices.
So in these ways, we are constantly checking and improving our data protection because we firmly believe that vigilance is the key to cybersecurity.
When you secure your data, you secure your business
Data security is not a fun topic, but unfortunately, it has become pertinent. Nowadays, it is not so much a matter of if your systems will be attacked but when. However, this statement does not need to be alarming if you know what to do.
Ensure that you go with a reliable software provider, ask them the important questions, and also ensure that you and your staff know how to keep your data secure in-venue.
This combination effect is what we use here at ROLLER, and so far, it has served us well and helped us grow into a more resilient business. I hope these tips can do the same for your business too.