Piracy and Hacking – Protecting Your Business Against Online Theft

As COVID-19 continues to spread across the world, cybercrime levels have been rising with it. Cybercriminals are taking advantage of the fear and uncertainty surrounding the coronavirus pandemic as well as the increased time spent online during social-distancing to trick people into releasing sensitive information.

In years gone by, the more brazen of criminals dreamt-up imaginative and resourceful ways to rob a bank, a train or the corner jewellery store.

These days, rather than diamonds and gold bullion, its information that’s most highly prized, and it’s a laptop rather than the barrel of a gun that’s getting the job done.

In the era of the ‘hacker,’ these sorts of crimes are occurring more and more frequently. Just recently here in Australia, information relating to new fighter jets, navy vessels and surveillance aircraft was successfully hacked and stolen from an unsuspecting defence contractor.

Whilst the above is obviously an extreme case of information theft, it goes to prove that any business enterprise, regardless of size, must make moves to protect all its information, and in doing so, must also prioritise the order of that protection in terms of confidentiality, availability and integrity.

The first step is recognising the difference between information and data.

In the case of a large pharmacy group for example, ‘data’ could be defined as bits, bytes and types of files – these could include accounting and tax files or software files that track packing information for example. ‘Information’ on the other hand are documents of value to the business in a different way like customer records, intellectual property, personally identifiable information or staff records.

Once on top of these distinctions, and assuming business owners have an idea of what’s confidential and what’s not, prioritising protection becomes a bit clearer.

So, for the purposes of illustrating the importance of confidentiality and information security, we’re going to apply to blowtorch of scrutiny to our good selves.

Here at AP Group we routinely deal with sensitive information pertaining to pharmacy businesses, from financial data through to lease and staffing information. Needless to say, when we prepare a business for sale, we’re holding and housing a large amount of confidential information.

To ensure its adequately protected, we’ve invested significantly in a highly secure registration system, whereby authorised pharmacists can view information pertaining to a sale, but are not able to share it, download it, send it via email or print it locally. By registering, they are also agreeing to be bound by our terms and conditions relating to the use of any confidential information accessed by the user via our system.

But it’s not only the data that needs protecting, it’s regulating access too.

You must ensure the right people are accessing the right information at any one time. In the case of AP Group, we have individual login personas that we can track and monitor to determine who is accessing data, from what device and when.

To fortify that layer of protection, we track patterns of use that can paint a picture of how individuals are accessing secure data.

The antiquated alternative, in the brokerage game anyway, is the old hardcopy confidentiality agreement (CA), which is usually sent to prospective buyers in the post, signed and sent back to the brokerage some weeks later.

As the name suggests, it’s a written agreement between two parties that outlines confidential material the parties wish to share between each other, which information cannot be disseminated to any unauthorised third parties.

CA’s are legally binding, therefore any breach of contract within the allocated timeframe (if any) can be pursued for damages. Whilst there’s some level of protection, in reality, these agreements are though to enforce and any loss flowing from a breach is difficult to quantify. Further, the use of a CA will only be relied upon, once the confidential information has been disclosed, it in no way can prevent a breach.

The method in which the information is shared is somewhat open-ended. For example, even with a CA or Non-Disclosure Agreement in place, sensitive information related to the sale of a business can and will be shared via email, leaving the door ajar for hackers or unscrupulous operators to misuse that information readily and without rebuke.

So, whilst some brokers may preach adherence to the strictest confidentiality parameters, there’s always risk, especially when sensitive data and documents are being emailed or posted out to potential buyers.

Ignore the advertising spin and if you’re planning on selling your hard-won business, make sure you’re well and truly comfortable with your brokers’ confidentiality approach before signing any engagement agreement.

– Phoenix Nguyen, Systems Manager at AP Group

- Advertisement -