(Note: This story appears in the September 2022 issue of ED Magazine)
Tech expert J.C. Pomerleau of GoBest! explained the cyber risks your club may face right now and what steps clubs can take to minimize those risks. Pomerleau appeared on the ED University Certification Seminar on club security.
Adult business technology authority J.C. Pomerleau has for 25 years dedicated his professional life to keeping adult nightclub and adult retailer store operators’ online worlds safe.
Pomerleau was responsible for computerizing the Déjà Vu club and adult retail store chain’s operations. He remains vigilant at the forefront of the ever-evolving IT landscape and now focuses on cybersecurity. Shaped by his extensive experience in this field, Pomerleau has developed the proprietary Security Best Practices for Go BEST! — Jason Mohney’s all-in-one resource for the industry — to keep industry businesses safe.
J.C. Pomerleau explained to the packed crowd of EXPO 2022 security seminar attendees that while he’s flattered to be called a cybersecurity expert, he prefers to think of himself as simply a cybersecurity best practitioner. Pomerleau notes that in opening more than 100 clubs and stores, he discovered numerous things that must be changed and monitored, which led to his introduction of the Security Best Practices for Go BEST!
“I believe our digital hygiene has become paramount to all of us,” said Pomerleau. “It’s about how we operate our businesses and maintain our computer networks. If we neglect to proceed safely through these ventures, we’ll find it’s the same as leaving the keys in your car or leaving your office door and your safe wide open and trusting your employees and guests that everything will be OK.”
“We’re mistaken to think that cyber threats are just for the big guys like Target, Walmart, or Equifax,” Pomerleau continued. “For example, the Department of Labor says that 99.2% of all businesses in America are small businesspeople like us and that we’re all at risk of cyber-intrusion.”
Pomerleau cautioned that while every club operator is concerned about such things as staffing, whether their digital billboard is working, and if their manager does the inventory today, most customarily fail to stay on top of whether they’ve updated their software, done their firmware updates and whether their manager logged out as an administrator after finishing their shift.
“These are things that are important to us,” explained Pomerleau. “Because if you’re wondering who can hack into our systems these days, pretty much anyone with computer access could be suspect.”
Pomerleau notes that adult businesses have thousands of computers on their networks that people access daily. During COVID-19, cyberattacks on US businesses have quadrupled, leaving the industry exposed and very much at risk.
“Cybercriminals want our money, data, social security numbers, home addresses, phone numbers, and credit card information, which they’ll see on your server,” said Pomerleau. “They want to get a credit card and open up our bank accounts.”
Pomerleau reported that most operators don’t understand that malicious code is generally introduced onto their system by their invitation — through phishing or security scams and downloads. It’s generally because they’ve inadvertently invited intruders to penetrate their system simply by practicing poor digital hygiene, such as leaving emails open.
We all know that an email from a prince in Nairobi who wants to borrow $10,000 today and promises to return $1,000,000 on Friday contains a link we’ll certainly avoid clicking. So instead, we now have to watch for an email from Bank of America spelled with a “zero” (0) instead of an “o.” Because the senders are spoofing legitimate sites, just clicking on that spoofed email invites some spyware in. Once it’s been invited, you’ll find a Trojan: a worm that will hunt and fish your system down to find everything available on their security download.
Everybody downloads software, such as the free Adobe Acrobat for PDFs. Today, you must be careful not to download Acrobat from a spoofed Adobe site with, for example, a Russian “e” (Ӭ), as that alone will invite lots of problems into your system.
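To show how the two spoofing tricks described above (a zero in place of an “o,” a Cyrillic letter in place of a Latin one) can be caught before anyone clicks, here is an added Python example; it is not from the seminar or from Go BEST!. The allow-list, the fold table and the function names are assumptions made for illustration, and the sample hostnames are constructed.

```python
import unicodedata

# Constructed allow-list: the sites this business really uses (assumption).
TRUSTED = ("bankofamerica.com", "adobe.com")

# Illustrative fold table, not a complete confusables list: digits and
# Cyrillic letters that are easily mistaken for Latin letters.
FOLD = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0445": "x",
})

def _owner(host, trusted):
    """Return the trusted domain that host equals or is a subdomain of."""
    for t in trusted:
        if host == t or host.endswith("." + t):
            return t
    return None

def _scripts(label):
    """Scripts of the letters in a label, from the Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def check_domain(domain, trusted=TRUSTED):
    """Classify a hostname as trusted, lookalike, mixed-script or unknown."""
    host = domain.strip().rstrip(".").lower()
    if host.isascii() and "xn--" in host:
        try:  # show punycode (xn--) labels as the characters a user would see
            host = host.encode("ascii").decode("idna").lower()
        except UnicodeError:
            return ("invalid", None)
    exact = _owner(host, trusted)
    if exact:
        return ("trusted", exact)
    imitated = _owner(host.translate(FOLD), trusted)
    if imitated:
        return ("lookalike", imitated)
    if any(len(_scripts(label)) > 1 for label in host.split(".")):
        return ("mixed-script", None)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ("bankofamerica.com", "bank0famerica.com", "adob\u0435.com", "p\u0430ypal.com"):
        print(repr(sample), check_domain(sample))
```

A hostname that comes back as `lookalike` or `mixed-script` is one to block or question before opening the link or downloading from the site.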
Pomerleau noted good digital hygiene is much more involved than simply using complicated passwords. Over time, he’s put together security practices that have kept his clubs free from intrusions for 20 years. He presented his top practices to keep your businesses safe:
1. Keep your software up to date. If you’re still running Windows XP, due to its numerous un-patchable vulnerabilities, remove that PC from your network.
2. Use complicated passwords. Make it difficult for intruders to access your machine, financial data, and POS systems. A complicated password is simply uppercase and lowercase letters and symbols. For example, think of a sentence and use the first word in upper and lowercase letters. Capitalizing will add to this layer of protected security.
3. Never check emails on your POS or any financial server or computer with financial data. Checking emails invites someone to spoof you and explore what’s on that business PC, including payroll data, your Social Security number, home address, and any stored credit card information and bank accounts.
4. Create separate logins on your PCs for each manager.
5. Have only one administrator on your network. Since managers aren’t administrators, they cannot download software. That will keep your system extraordinarily safe because software downloads invite intruders.
6. If you remotely connect to your business’s site, use a virtual private network (VPN). A VPN is an encrypted tunnel from A to B which protects you. It’s common freeware; Pomerleau recommends using Express VPN or Cisco’s AnyConnect.
7. Use a firewall. If a POS or software provider asks you to shut off the firewall for troubleshooting, always be sure to turn it back on. A firewall prevents your computer from being discoverable by any other device that could access your data through malware.
8. Always use business-class routers. “A breach of any club chain is a breach of all of us because our brands are perceived as all being in the same bucket, and it would incentivize people to stop using credit cards at adult clubs,” said Pomerleau.
He explained that his Go BEST! Security Best Practices aren’t limited to this list; these are simply the most important ones to maintain clean digital hygiene for your business.
“Chargebacks are an issue,” noted Pomerleau. “And I’m happy to report that we’ve eliminated 98% of our chargebacks through our Security Best Practices. And to this day, we’ve received zero breaches! In addition, we have some pretty amazing CCTV systems that have assisted in this by watching our registers closely.
“We are all in this together,” added Pomerleau. “And we all need to protect each other, collectively.”
He suggested attendees go home and start running down the list to improve their business, increase their security and clean up their digital profile.
“There’s much more to share,” said Pomerleau. “We at Go BEST! are also experts in CCTV, network architecture, ATMs, and media distribution. We would love to share our knowledge with you and conduct a free Go BEST! evaluation of your business to help ensure that we all remain safe in this ever-changing world that seems to be putting us all at risk every time we log online.”
For more information, contact J.C. Pomerleau at (866) 258-8055 or email@example.com.
Larry Kaplan has for 21 years been the Legal Correspondent for ED Publications. In addition, Mr. Kaplan is a business broker in the sale and purchase of adult nightclubs and adult retail stores and the Executive Director of the ACE of Michigan adult nightclub state trade association. Contact Larry Kaplan at (313) 815-3311 or email firstname.lastname@example.org.