Hackers, cyber criminals and identity thieves — oh my! When you became a small business owner, chances are you didn’t know you were signing up for the likes of them. In fact, according to a study conducted by the National Cyber Security Alliance and Symantec, 77 percent of U.S. small business owners like you think their companies are safe from cyber attack. Unfortunately, that’s just not the case.
One big reason that businesses are vulnerable to attack is that they have vital information to protect, including financial records and reports, personally-identifying customer data and employee records, and intellectual property. And yet, 77 percent of the businesses surveyed do not have a formal written Internet security policy, 63 percent do not have policies regarding how their employees use social media, 45 percent do not provide Internet safety training to their employees and 59 percent say they do not require any multi-factor authentication for access to their networks.
In other words, a vast majority of small businesses in this country are just one data breach incident away from disaster, and they’re doing practically nothing to avoid it.
A recent online article notes that cyber threats abound, and they can come from within as well as outside your organization. Small businesses that accept payment cards over the Internet are particularly vulnerable due to a double threat: Thieves may steal data from your system, or use stolen data from another merchant to make a purchase from you.
If you fall into that category, Ellen Richey, chief enterprise risk officer at credit card giant Visa®, provides the following tips for establishing a cybersecurity policy:
1. Know the who, what and where of your sensitive data
Who has access to it, what kind of payment data you actually have and where it is located? This helps you establish where the risks are.
2. If you don’t need the data, don’t keep it.
Although credit card data should never be stored by merchants, many companies keep payment information on laptops or they allow employees to access it on their own devices. A better policy is to use a cloud service for payments and encryption; merchant services providers will securely store customers’ credit card account information for you.
3. Outsourcing to a secure solution provider can introduce a vulnerability to your system.
For example, if you hire a salesperson from an outside company, they may install a payment application on your computer system without changing the default password. Avoid this scenario by establishing exactly who is responsible for what tasks — and then check to make sure everyone follows through on that responsibility.
4. Always use secure devices and applications when accepting credit or debit card payments.
The credit card network websites offer a list of devices and apps that meet their standards.
5. Always Verify the Code on the Back of the Card
When processing payment cards — particularly in card-not-present situations — always verify the code on the back of the card and the address provided by the customer (a service known as AVS).
Today’s prevailing trend is that small businesses like yours are being targeted by cybercriminals because they know that you have fewer defense resources than larger enterprises. Protect yourself, your business and your customers by implementing a cybersecurity plan today. Alternatively, you might consider looking into penetration testing services. These “ethical hacking” experts are trained to test your system and network from the inside; check out this article for useful pen testing guidelines.
About the Author:
Beth Longware Duff is a professional editor and award-winning writer whose work on a wide variety of topics has been published in print and electronic media. She currently writes on a wide range of topics dealing with electronic payment processing and other Merchant Express services for Merchant Express.