What Artists and Gallerists Should Know About Data Security

Photo by Hacker Noon on Unsplash

With remote work still on the rise, hackers are having a heyday. Here are some best practices to defend your data, whether you're an artist or a dealer.

If you’re a working artist or a gallery owner, chances are you spend a good amount of your time online. From email correspondence to growing your social media following, being an artist or gallerist in today’s hyperlinked world requires a high level of technological literacy.

One main aspect of working in the digital realm is ensuring data security. Hackers are increasingly sophisticated and creative in their attacks. Some hackers even purport to be artists. Whether it's phishing scams or cases of misrepresentation (stolen identities, wire fraud, etc.), hackers don’t discriminate when it comes to targeting unsuspecting victims.

Here are a few best practices to abide by, so that your data stays as safe as possible.

Protect your social media accounts

Hacking has become increasingly prevalent across Instagram, Facebook, and the like. Over the past year, Instagram accounts ranging from “macro-influencers” (500k+followers) to “micro-influencers” (those with followers between 10k-50k) have found their handles suddenly changed, with no recourse to retrieve them other than frantically attempting to contact the behemoth social media platform’s ever-elusive support teams. Regardless of your follower count, your social media accounts are attractive to hackers.

Dealing with the fallout of social media hacks consumes precious time and energy — time and energy that could be spent creating art or following up with clients. To avoid this issue, it’s recommended to change your social media passwords on a regular basis, never share them, and always enable two-factor authentication with a cell phone number.

Arm yourself against credential theft with strong passwords and “2FA”

Don’t be lazy about passwords. In an article published by Security Boulevard, Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, made the point that the recent increase in remote work, caused by the pandemic, has correlated to an increased frequency in phishing attacks and credential theft.

She further equates this rise to “poor password hygiene.” To ensure that your passwords are safe, follow these tips and simple best practices:

Use different passwords for your various accounts
If you use the same password on all your accounts, whether social media or online banking, a hacker will have much easier access to your most sensitive data in the event that one platform suffers a data breach or leak. To make life harder for hackers, never rely on one single password.
Enable two-factor authentication (2FA)
Two-factor authentication is simply the best way to ensure that your login credentials are protected.
As part of multi-user accounts on Artwork Archive, like the Artist Master, Collector Premier, and all Organization accounts, you can now add two-factor authentication. Learn more about how to enable two-factor authentication here.
Assign various users different permissions
If your accounts have multiple users, implement an administrative tier model. This will ensure that only certain users have access to your most sensitive information. That way, if your assistant has the tendency to work from coffee shops with free wifi (notorious hunting grounds for hackers), your most important data will still be safe, even if said assistant is hacked while on a public network.

For our Artist Master, Collector Premier and all Organization level accounts, Artwork Archive provides the ability to add additional user types. Multi-user accounts on Artwork Archive are permission-specific, so you can assign “view only” permissions to your team. Learn more about additional user permissions here.
Print out a list of your passwords for safe-keeping
In the event that your credentials are compromised and you lose access to an important account, having a printed-out list of your previous passwords will give you more leverage when attempting to take back control via a system administrator.

Vet all incoming inquiries to the best of your ability

As any reputable art dealer knows, due diligence is paramount in the fine art industry and doesn’t only apply to provenance. “Know your customer” (KYC) is financial services-speak for the new regulations that require banks and other financial institutions to verify the identities of their clients and business partners, lest they unintentionally conduct business with nefarious actors who may be the subject of governmental sanctions.

Previously unregulated — and a veritable playground for money launderers — the art market is now also subject to certain KYC regulations. Europe enacted its anti-money-laundering directive in 2020 (known as the AMLD5), but tightened restrictions are also in the works for the U.S. art industry, which is still the world’s largest art market.

The U.S. federal regulations will likely only apply to sales of artwork valued at $100,000 or more, but, in Europe, the tipping-point value is much lower at 10,000 EUR (including sales tax).

As reported by ARTnews, in the United States:

“The question of exactly which art-market participants will be subject to this law will be hashed out by the Department of Treasury, which has until December 27, 2021, to propose regulations providing those specifics. Those who are eventually covered by the final regulations will be subject to new compliance obligations such as developing, implementing, and maintaining an effective anti-money-laundering program and a monitoring system to identify transactions that may indicate criminal activity.”

There’s a saying that, if it’s too good to be true, it probably is. View every incoming sales offer through this lens, no matter how exciting the prospect may be. Do everything possible to verify the identity of the prospective buyer and never give out any personal information such as bank details unless you are 100% certain of the buyer's identity.

Even if you are a single artist and feel that these new regulations don’t apply to you, it’s advisable to still proceed with caution when transacting a sale online. If the inquiry email uses strange grammar, asks for wire information without even confirming basic artwork or shipping details, or seems simply off, trust your gut and delete. Learn more about how to protect yourself from online art scams here.

Back up your data

Prevent data loss by routinely backing up your digital data to an external hard drive. This best practice will protect you and your business from ransomware attacks. As defined on the U.S. government website for Cybersecurity and Infrastructure Security (CISA), “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.”

You might be thinking, “But, my company is just me and an intern! Who would target a sole proprietor?” Don’t think you aren't a target until it is too late. Like phishing schemes and credential theft, ransomware attacks are on the rise due to the increasingly remote nature of work during the pandemic. Everyone is a target.

According to an article by Computerweekly.com, ransomware attacks consist of three stages: the initial attack, meaning the delivery of the malware payload; encryption of the victim’s data so that it's no longer accessible to them; and messages back to the hacker. The best defense against this type of attack is to back up your data on an external hard drive.

If you are using cloud-based services, learn how to download your data and then save to the external hard drive of your choice. Here’s a recent list of the best external hard drives of 2021.

Artwork Archive allows subscribers to export and download their data at any time. Learn more about downloading your data here.