5 Ways to Improve Cybersecurity
Ransomware and other cybersecurity attacks can put attractions at risk of serious financial losses, operational shutdowns, and safety threats. “Could a roller coaster be the target of a cyberattack? The short answer is ‘yes,’ along with other theme park rides, public amusements, and attractions,” stated Stephen Berry, CEO of DDE Technology, a provider of cybersecurity and advanced technology solutions, in a 2021 article on the company’s website.
Worse yet, cybersecurity attacks are on the rise. According to the 2022 SonicWall Cyber Threat Report, “ransomware [attacks] climbed an unprecedented 105% in 2021, and the explosive growth of strategies, such as double and even triple extortion, ensured that these attacks were more successful than ever.”
While operating in an online environment is essential to today’s businesses, attractions can enhance their cybersecurity and reduce their risks by following five simple steps.
No. 1: Educate Staff about Phishing Emails
Phishing emails are bogus electronic messages sent by scammers to gain personal information. “A phishing email will often try to disguise itself as a legitimate message from a bank, online service, or other company,” explains a blog at usecure.io, a cybersecurity firm. “It will then include a link to a fake phishing site—a site that looks just like the legitimate company it is imitating—where it will ask for your username, password, credit card details, or other personal information. Once you enter this information, it will, of course, be in the hands of the cybercriminal.”
That criminal can use this data for many purposes, including possible access to networks at a company, should the victim have leaked their employee credentials.
Sometimes the phishing email will come from an email address belonging to someone the recipient knows. That’s because the hacker is using the victim’s email contacts list to fool colleagues, family members, and friends into clicking on a phishing link with a subject line that creates a false sense of urgency, like “Change of Password Required Immediately,” or more innocuous ones, such as “Missing Invoice” or “See My Vacation Photos.”
To foil phishing, staff must learn to treat each potentially suspect email as a possible phishing attack and to not click on any links unless they have verified that the sender is genuine and safe.
No. 2: Use Two-Factor Authentication for Logins
For added login security, a website may send a code to a user’s phone after the user inputs a username and password; the user then has to enter that code to verify their identity. This is an example of two-factor authentication (2FA) in action.
With this approach, 2FA defeats hackers who use stolen usernames and passwords, protecting account owners from attacks. When the hackers attempt to log on to corporate sites, the 2FA system asks them for the code sent to the actual user’s smartphone to gain entry. Unless they happen to have that smartphone (which is unlikely), they won’t get the code, and the system won’t let them in.
No. 3: Back Up Databases
Here’s an easy way to foil ransomware attacks: Back up complete databases to an external location. The whole point of a ransomware attack is to encrypt the victim’s database or computer system and charge them money to unlock it (which may not happen even if the ransom is paid). If the database and files are backed up elsewhere, the target can remain in business without paying the ransom and then load the clean backup database onto a new machine to resume business. A proper backup plan includes daily incremental backups, as well as weekly system backups. The medium should be rotated on a two-week basis.
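A backup plan only helps if it is actually being followed, so the schedule above is worth checking against the backup log. The following is an added example, not part of the original article: it audits a backup catalog against the plan described here. The catalog format, the function names, and the reading of two-week rotation as "no medium is overwritten within 14 days" are assumptions.

```python
from datetime import date, timedelta

# Policy from the article: daily incrementals, weekly full backups, two-week
# media rotation (read here, as an assumption, as "no medium is overwritten
# within 14 days of being written").
MAX_FULL_GAP = timedelta(days=7)
MIN_MEDIA_REUSE = timedelta(days=14)
ONE_DAY = timedelta(days=1)

def audit_backups(catalog, start, end):
    """catalog: (date, kind, medium) tuples, kind "incremental" or "full".
    Returns a list of findings for the period start..end (inclusive)."""
    findings = []
    records = sorted(r for r in catalog if start <= r[0] <= end)

    # 1. Every day needs at least one backup of either kind.
    covered = {d for d, _, _ in records}
    day = start
    while day <= end:
        if day not in covered:
            findings.append(f"{day}: no backup taken")
        day += ONE_DAY

    # 2. Full backups at most a week apart (period edges count as bounds).
    marks = [start] + [d for d, kind, _ in records if kind == "full"] + [end]
    for prev, cur in zip(marks, marks[1:]):
        if cur - prev > MAX_FULL_GAP:
            findings.append(f"{prev} to {cur}: over 7 days without a full backup")

    # 3. A medium written again too soon destroys a restore point that
    #    ransomware response may need.
    last_used = {}
    for d, _, medium in records:
        prev = last_used.get(medium)
        if prev is not None and ONE_DAY <= d - prev < MIN_MEDIA_REUSE:
            findings.append(f"{d}: medium {medium} overwritten after {(d - prev).days} days")
        last_used[medium] = d
    return findings

def sample_catalog():
    """Constructed three-week catalog that satisfies the policy."""
    start = date(2024, 3, 3)
    return [(start + timedelta(days=i),
             "full" if i % 7 == 0 else "incremental",
             f"{'AB'[(i // 7) % 2]}{i % 7}") for i in range(21)]

if __name__ == "__main__":
    cat = sample_catalog()
    del cat[10]  # constructed fault: the 13 March backup never ran
    print(audit_backups(cat, date(2024, 3, 3), date(2024, 3, 23)))
```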
No. 4: Move to a Zero Trust Security System
To provide extra security to a network, establish a zero trust security system. In a conventional information technology (IT) security system, users enter their username and password to get full access to the whole network, which is a boon for hackers. In a zero trust environment, the system challenges users at every step of the way to prove their identity and restricts access to sensitive data. This makes it much harder for hackers to penetrate an entire network.
No. 5: Plan for Cyberattacks
Cyberattacks happen, so attractions businesses need to prepare for them. Backing up databases is just one step of the process. An end-to-end, well-thought-out plan needs to be in place with training, so staff know what to do (and not to do) when a cyberattack occurs. The plan should also be deployed on a regular basis to ensure it works and that staff know how to use it, just like a lifeboat drill on a cruise ship.
The Bottom Line
“At the end of the day, cybersecurity is about people who seek to do damage to your operations and your own people (employees), who may not have the necessary training, skills, and awareness to detect and counter harmful attacks,” DDE Technology’s Berry tells Funworld. “A culture of cybersecurity awareness and training is critical for operators, particularly where risks extend to human safety and reputation, as they do in the theme park industry.”