Given the increasing frequency and sophistication of modern cyber attacks, it is more important than ever for small businesses to understand the dramatic effects of a data breach. Small businesses can protect their customers and themselves by staying educated and understanding solutions and best practices that are available to reduce the likelihood of a costly security breach.
- Safeguard Valuable Documents and Equipment – Make sure all digital devices used for business are protected with antivirus and antispyware software that is regularly updated. All computer servers and sensitive paperwork need to be stored safely and securely, with a limit to the number of people with keys and/or access codes. Research off-premise data center or cloud computer solutions to ensure the safety of your information.
- Use a Password Manager – In theory, we all know we should be using different passwords for each website but very few people actually follow this practice. For convenience, most users routinely use the same or similar passwords for multiple web services. Luckily, there are now many tools to help us manage our passwords correctly.
- Limit and Control Access – Don’t let unauthorized individuals use business computers or equipment and limit physical access to your systems. Even employees should be given access only to specific data systems they need to do their jobs. Make it is standard procedures that all employees seek permission before installing any software.
- Update POS Systems – The responsibility to cover losses born from fraud will shift from credit cards/banks to the merchant later this year. For this reason, all merchants with outdated POS systems should move to embrace EMV technology as soon as possible. EMV cards contain embedded microchips and are much more secure than cards that rely on a magnetic strip. While adopting new technology always presents a challenge for small business owners, merchants can’t afford to not take this step.
- Encrypt and Tokenize – Implement full-disk encryption on each company-issued computer and mobile device. System passwords alone offer little defense against off-site hacking attempts. By layering encryption and tokenization with EMV and POS compatible systems, merchants can minimize security weaknesses and address authorization vulnerabilities. During the transaction process, data is most vulnerable immediately before and immediately after authorization. Encryption and tokenization protects against this. Further, encrypted and tokenized data holds no value; it is just a random, unusable string of numbers/characters.