Chassé examines security through a pen test
At the beginning of 2022, Chassé Theater in Breda commissioned a pen test (penetration test), in which testers scan computer programmes and systems for flaws and then try to use those flaws to break into the system. The security of their Peppered website was one of the areas that Chassé's pen test looked at. We discussed the value of security and what Chassé does in this regard with Remco Tiel, the organisation's IT coordinator.
What makes security vital in your opinion?
There is a lot of information in the media today regarding what is happening and how hackers are able to access data. As a result, security has gained popularity—certainly in recent years.
Security is a very crucial issue to bring up, even though you should be aware that you can never do it well enough. Terabytes of data are being stolen from very large companies as a result of hacking. These are businesses that can afford to spend much more money than we can to safeguard themselves from this.
To believe that it couldn't happen here is utopian. Any organisation is susceptible to it. Nevertheless, you should pay close attention to your organisation’s security and make every effort to prevent and minimise hacking.
Has the Chassé ever been hacked?
Yes, though it happened a long time ago. The person using the computer is the weakest link in the security system. When you visit a site that has already been hacked, includes spam, and infects you, things frequently go wrong. Alternatively, you may open a link in a spam email that you receive.
At our office, someone opened the link in a similar email. We had a security issue that needed to be resolved, and as a result, the user had too many rights. So something was installed on that PC right away. That programme attempted to use a specific channel to connect to the internet. Fortunately, we had closed that channel; that has been our salvation.
How do you think Peppered handles security?
We eventually changed our website to use Peppered. The fact that it is an existing solution that functions for numerous corporations is what initially drew our attention. This saved us from having to create something from scratch.
During an annual audit, our accountants enquire about our security arrangements. To test the security, we had a pen test performed in early 2022 by a third party, an IT firm from Breda. White hackers are used by them to look into flaws in the network, software, or websites, for example. Our security was thoroughly examined throughout this pen test, which lasted a week and included testing it on Peppered, our ticketing partner Itix, and our WiFi network.
Peppered works for several theatres and other cultural organisations. We are a slightly bigger theatre in the Netherlands, thus we have a little bit more resources to carry out such a pen test. So, in addition to doing this for ourselves, we have also done it for the other associated organisations.
What were the main outcomes of this?
At Itix and Peppered, everything was really well planned out. The white hackers were unable to breach anything because they hadn't discovered any vulnerabilities. There were some suggestions offered. We then shared the results with Peppered and Itix and adjusted the points for improvement.
But if we ran the test again, something else would show up. The security field is undergoing rapid change. You'll be alright, though, as long as you remember this and stick with it.
Have you got any security advice for other cultural institutions?
Never take reliable security for granted. Don't assume that everything you receive is immediately fully set up. Consider setting up two-factor authentication, changing default passwords as quickly as feasible, and changing your passwords frequently.
Hackers strive to take advantage of a variety of weaknesses because they can never just break in all at once. So always update your programme as soon as a new version is available. Every day, new security flaws are discovered, and the software developers fix them. As a result, the software vendors and hackers are always playing a game.
Although there are various protocols, it can never be fully closed. To demonstrate that you did try to prevent things from going wrong when they do, you must continue to do your best.
A CMS that is secure
Security is of the utmost concern at Peppered. As a result, you may relax knowing that your online routes are secure. Choose a CMS that is consistently compliant.