Cyber attacks will continue to grow and keeping your gallery’s information secure will require continued diligence. In this article let’s look at some of the recent findings from cyber security experts and what it means for your art gallery business. Do you know what vulnerabilities to watch for with social media accounts? There are many things your business could do to get cyber battle-ready and keep sensitive information of your clients, artists and employees safe.
According to The Hiscox Cyber Readiness Report, it is estimated between 45-60% of cyber attacks happen to small to medium sized business in US and Europe. Of these attacks, about half are for malicious intent and the other half comes from human or system error. Some cyber attacks might be a time consuming annoyance and others could put your gallery out of business.
Social Media is a Hacker’s Playground
Social media is the newest frontier for hackers, but cyber security on social media is often an after-thought for small businesses or individual users. In 2015, Facebook reported that up to 31 million accounts are false, Twitter estimated 5%, and LinkedIn admitted that they did not have a reliable system for identifying and counting duplicate or fraudulent accounts.
Social media attackers can easily manipulate your account and execute a variety of attacks or scams, including social engineering which is the method used by cyber criminals to trick, blackmail, and threaten people into sharing information or performing tasks that will allow them to carry out their crime. Other kinds of attacks might be fraudulent sales, brand or account takeovers and malware links. You and your gallery staff need to closely monitor your accounts and be aware of some of the attacks that might affect your gallery business.
Also be aware of employees checking their own personal social media accounts. They could accidentally compromise your gallery’s computers and network. So education and security policy are an important part of prevention.
What Can You Control and What You Can’t
For a small business without a watchful IT department, keeping track of the fast paced, ever changing cyber security world is difficult. You need more than just anti-virus software. The good news is you are not completely alone. You have suppliers that should be installing a certain amount of security with the services they offer your business. You have less control over this potential security weakness, but you can be aware and ask questions to help you be better prepared should a breach occur. Your suppliers might include:
- Webhosting for your gallery’s website
- Email and internet providers
- Credit card processing technology
- E-commerce sites such as Artsy, Artcloud or other online sales platforms.
- Inventory and CRM software that is hosted on the cloud.
- Contact database may be stored on an email service such as Mailchimp or Constant Contact.
You should identify the vulnerable data you have and where it sits – on your computers or with a vendor. Be knowledgeable about the security measures your vendors are putting into place. While you have limited control over the level of protection they provide with their services, you can be proactive to determine what security gaps need to be addressed.
However, there are some basic things you can do to ensure you are not leaving the gallery’s cyber door wide open for an attack. Let’s look at a checklist of security measures your gallery can control and should be implementing. This checklist is based on recommendations made by the FCC’s Cybersecurity Tips for Small Businesses and DHS’s Small Business Tip Card
Hopefully many of these are already in place within your gallery. Other items on this checklist might be something for further consideration.
You know the saying… Better safe than sorry.
- Protection against viruses, spyware, and other malicious code
Ensure all gallery computers and devices are protected with updated software. Configure your security software to update automatically and schedule regular scans. Review what antivirus software vendor you are using and make sure it is still the best option. Once top rated Symantec and Norton security software was recently found to several contain critical vulnerabilities.
- Secure your internet Wi-Fi connections
Safeguard your Internet connection by using a firewall and encrypting information. Your Wi-Fi network should be password protected and hidden.
- Regularly backup the data on all computers
This would include sales and inventory histories, employee records, vendor contacts, accounting documents and customer and artist files. Ransomware attacks have become too common. Being able to retrieve essential files from backup will save you both time and money.
- Limit physical access to computers
Computers and mobile devices are easy targets for theft. Make sure they are not left unattended in the gallery or left out overnight. Assign separate user logins for each employee who needs to access a gallery computer.
- Secure mobile devices
Mobile devices can cause significant security challenges depending on how your gallery uses them. The biggest threats are if lost or stolen, malware and viruses. Because these devices connect to WiFi and Bluetooth, hackers can easily connect and steal information. Require staff to password protect their devices and install security apps to prevent criminals from stealing information while the phone is on public networks. Always keep software updated. They often include important security patches and upgrades.
- Establish company security practices and policies to protect sensitive information
Develop policies on how gallery employees and possibly vendors should handle and protect personal information and other sensitive data. Include policies on the strength of password creation and how often they are changed. Clearly define the consequences of violating your gallery’s cyber security policies.
- Stay informed about cyber threats
Be knowledgeable about online threats and how to protect your data on your computers, network clouds and even social media usage. You can sign up for alerts from US-CERT.gov.
- Employ best practices on payment cards
Review what you use to process credit cards currently and ensure it is still the best and most secure option available.
How to Respond to a Security Breach
If you do experience a breach of security or any kind of attack, what are the next steps you should take? First and obviously, move quickly to fix the vulnerability. Contact any vendor involved to determine what and why it happened and what information may have been compromised.
Next bring gallery staff up-to-date with what happened and how to handle communications with clients. It is best to inform clients and business partners right away about how the breach may have affected them and what steps your gallery is doing to correct the problem. Depending on the severity of the breach, the gallery should designate a single contact person for all involved. This will help keep information clear and accurate.
You will also want to inform the local police and other cyber security organizations that may be monitoring certain kinds of attacks and working to stop them.
- Inform local law enforcement
- Report stolen finances or identities and other cyber crimes to the Internet Crime Complaint Center at www.ic3.gov.
- Report fraud to the Federal Trade Commission at www.onguardonline.gov/file-complaint.
- Report computer or network vulnerabilities to US-CERT via the hotline: 1-888-282-0870 or www.us-cert.gov.
Cyber security is growing problem for businesses around the world. The nature of threats changes constantly and your business has other priorities. This leaves many small businesses as ideal targets for a cyber attack.
Taking some time, even on just an annual basis, to check the health of your gallery’s online security could literally save your business if you are attacked. Putting employee policies in place and asking smart questions of your vendors is critical. Also consider in advance how you will communicate with clients, artists and business partners should your gallery become a victim of an attack.
Advance preparation is the smartest way to fight a cyber attack, but the majority of small businesses feel they are unprepared. Do be one of them.Follow me on social for more fuel, insights and occasional silliness: