This is the final installment in our ongoing series about National Preparedness Month (celebrated every September). Over the past three weeks, we’ve covered:
- Why National Preparedness Month exists
- How your business can protect itself from disasters
- Resources to help you rebound after tragedy strikes
When most small business owners learn of National Preparedness Month, they automatically think of natural disasters such as earthquakes, hurricanes, and wildfires. That’s because these acts of God attract the most media attention.
Yet, there’s another type of disaster with which businesses must increasingly contend — one that can cause just as much destruction as an earthquake.
Worse still, it’s entirely man-made.
That threat, of course, is the rise of cyberattacks.
Given that October is National Cybersecurity Awareness Month, we wanted to close National Preparedness Month with a nice segue piece that ties both themes together.
What Does Cybersecurity Preparedness Mean?
“Cyberattack” is an umbrella term that encompasses all the ways malicious actors can exploit vulnerabilities in your IT infrastructure. Some of the more common types of cyberattacks include:
- Payment fraud
- Data breaches
Many thieves use cyberattacks to steal sensitive information (credit card numbers, for example), while others use them to extract money from you directly (such as with ransomware).
Either way, the frequency and severity of these attacks are both on the rise as society increasingly embraces the Internet of Things. As more of our appliances and devices become connected, they introduce vulnerabilities for tech-savvy criminals to exploit.
To protect your small business, you must be proactive in how you set up your IT infrastructure and handle sensitive electronic data.
You need to invest in cybersecurity.
Below are proven strategies to get you started.
1. Always Up to Date
The lowest-hanging fruit in cybersecurity protection involves installing relevant patches, updates, and anti-virus software for all of the devices used in your business. Doing so helps close many of the biggest security holes that criminals target.
For example, the 2017 WannaCry attack exploited vulnerabilities in Windows XP, an operating system released in 2001.
Most updates are free and only take a few minutes to install, so start there.
2. The Principle of Least Privilege
The principle of least privilege is a cybersecurity measure in which you limit access to company data on a strictly need-to-know basis. Employees should only have the minimum permissions required to perform their core tasks.
- If Sandy is in charge of inventory and stocking, she doesn’t ever need to see your customers’ credit card information.
- If John is in charge of the cash register, he doesn’t need access to your store’s inventory records.
3. Employee Security Training
Even with compartmentalized access rights, employees can still put your business at risk if they don’t take basic security precautions, such as:
- Creating long, alphanumeric passwords that they change on a regular basis (free tools like LastPass can help with this)
- Using two-factor authentication (2FA) when logging into your company’s servers, portals, or email platforms
- Locking down their devices — especially if they travel with company-issued smartphones, tablets, or computers
- Learning how to spot phishing emails (even when they look like they’re coming from legitimate sources)
The larger your team, the more potential holes you’ll have to plug. It’s worth revisiting this security training periodically throughout the year.
4. PCI-Compliant Data Security
There are many types of data worth stealing, but payment information is usually the ultimate goal for most criminals. If your small business receives, processes, transmits, or even stores credit card details of any kind, it is vital to choose a payment provider that specializes in PCI-compliant data security.
In fact, PCI compliance is an industry requirement for credit card acceptance — but don’t stop there.
You should erect additional roadblocks to keep criminals out, including:
In addition, real-time verification technologies like strong customer authentication and 3D Secure are increasingly becoming standard in the payments industry. Further, artificial intelligence (AI) shows tremendous promise in the fight to combat fraud and abuse.
Cybersecurity Is a Process — Not a Fix
The above tips can help limit your exposure, but there are no preventive steps that can keep you 100% safe at all times. That’s because cybersecurity is a never-ending arms race.
Despite having huge budgets and teams of security analysts at their disposal, they both fell victim to data breaches. Neither had a game plan for how to handle the aftermath.
As a small business owner with limited IT resources, you’re even more at risk of a cyberattack. That’s why we’re dedicating all of next month’s articles to advanced tips that can help keep you safe.
Stay tuned for our upcoming blog series on National Cybersecurity Awareness Month.
If you need help safeguarding your payment environment in the meantime, schedule a free consultation with our merchant services team today.