Other businesses can learn about cybersecurity from the health care and financial services industries.
September 30, 2015
Scott Larson is a former FBI cyber-crime investigator and current CEO of North Oaks-based Larson Security, which performs consulting, risk assessments and other cyber-protection services for banks, law firms, retailers, tech firms and health care organizations. He says that banks have continuously had to address new types of security, such as mobile and online banking. They’ve become adept at keeping all types of information separate—customer data, financial data, anything that is regulatory-based that could cause risk exposure, intellectual property, mergers and acquisition information, and human resources information.
But while banks might frustrate cyber-crooks, there are other types of businesses they can rob. “Last year, we saw a lot of payroll-related hacking,” such as rerouting of direct deposits, Larson says. He adds that there’s been a huge increase in hacking of tax returns. Other thieves have made off with company funds via illicit online wire transfers.
Like Carpenter and other cybersecurity experts, Larson recommends network segregation for businesses, as well as automatic updates and anti-virus programs. But he also says that businesses shouldn’t rely solely on technological fixes. There are security-incident products that combine anti-hacking methods, and alerts are available, but Larson says these products are still imperfect. Actual human beings need to be involved, and know what to look for. Businesses need people who can handle the day-to-day operation of a network, he says, because IT people “know what’s normal and what’s not on a company’s network.”