I’m going to share a true story with you which I’m sure could easily be added to one of Jeff Foxworthy’s “You know you’re a red-neck if” jokes. When I was a young teenager, my brother’s friends would ‘toilet paper’ my yard. Little did they know the problems their playfulness caused. You see, my dad would make us gather it all up in brown paper bags, and he placed the bags in the bathrooms and removed all other TP until we finished with everything in the paper bags. This presented a very painful and unpleasant bathroom experience, because we had several evergreen bushes in our yard. No matter how hard we tried, we could never find and remove all the stickers, prickly leaves and thistles wedged in the TP.
Free toilet paper seemed like such a blessing to my dad, but it came with scrapes and bruises that have left a lifetime of unforgettable, miserable memories. Just like the toilet paper in this story, developers have designed awesome websites with all the bells and whistles, but have also left those websites with vulnerabilities that allow online hackers to easily ‘stick’ us with very unpleasant consequences – much more severe and lasting than a sliver in your rump.
Has your company been hacked?
Robert S. Mueller, III, former FBI director, made this now-famous statement a few years ago. “There are only two types of companies: Those that have been hacked and those that will be hacked.” But that was then, and this is now. In today’s online world, there are only two types of companies: Those that have been hacked and those that don’t know they have been hacked.
If Target, Sony, Yahoo, eBay, Sonic, Whole Foods, Equifax and thousands of other businesses had been receiving regular security scanning services from an approved scanning vendor (ASV) certified by the Payment Card Industry (PCI) Security Standards Council and making the suggested improvements, our personal information might have been cyber safe. Instead, the world is in a panic, and the compromised companies are spending millions to try to redeem themselves. But the hard reality is that you and I will think twice before using any of these services again.
According to the top experts from PCISecurityStandards.org, there is a list of items businesses need to comply with to help protect their websites, networks and/or point of sale (POS) credit card terminals from potential online criminal attacks:
- Use strong passwords and change default ones
- Protect your card data and only store what you need
- Inspect payment terminals for tampering
- Use trusted business partners
- Protect in-house access to your card data
- Use anti-virus software
- Use an SSL certificate and/or secure and encrypted payment processing solution
- Scan for vulnerabilities and fix issues
- Use secure payment terminals and solutions
Having your website, network and/or POS terminal scanned by an ASV is not the only essential component to being cyber-safe and PCI compliant, but it is a vital step that gets overlooked far too often.
Cybersecurity is a serious issue that affects all of us. We can no longer sit around thinking, “I won’t get hacked; that only happens to other people.” The reality is that no business is immune to online hackers’ criminal tactics.
Cybercriminals use bots that they’ve created to search for online businesses that have holes and vulnerabilities they can easily exploit. Malicious bots can potentially run all night, and when the hackers open their computers the next day, the bots have found numerous vulnerable websites, servers, networks and/or POS credit card terminals from which to steal personally identifiable information and credit card data.
These hackers are causing havoc not only for e-commerce websites but for any and all websites.
On a Lake Dallas Independent School District website, student hackers gained access to more than 3,000 names, addresses, personal identifiers, dates of birth and Social Security numbers and even stole lunch money. Imagine what a professional hacker could do!
And it’s not just large organizations that are being targeted by cybercriminal jerks. According to a recent Malwarebytes report, a third of small to medium-sized businesses (SMBs) were hit by ransomware last year, and ransomware attacks caused 22 percent of affected SMBs to cease business operations immediately.
Regardless of what kind of online business you have, your website is not safe from the outstretched hands of cybercriminals. You should do all you can to keep your business and customers cyber safe. Act now by scanning your website, network and/or POS terminal for vulnerabilities and immediately repairing security holes found.
Here are some suggestions from the PCI Security Standards Council (comprised of American Express, Visa, Mastercard and other leading payment providers):
“New vulnerabilities, security holes and bugs are being discovered daily. It’s vital to have your internet-facing systems tested [scanned] regularly to identify these new risks and address them as soon as possible. Your internet-facing systems (like many payment systems) are the most vulnerable because they can be easily exploited by criminals, allowing them to sneak into your systems. The PCI Council’s Approved Scanning Vendors (ASVs) perform external vulnerability scanning and reporting.
Ask your merchant bank if they have partnerships with any PCI Approved Scanning Vendors (ASVs). Ask your vendors and service providers too. These vendors can help you with tools that automatically search your network to find vulnerabilities and provide you with a report if, for example, you need to apply a patch. Ask your ASV for help correcting issues found by scanning.”
As a reminder, not only do your websites and servers/networks need to be scanned routinely, but if you have a POS credit card reader/terminal, that POS equipment should be scanned routinely too. I am sure you are familiar with stories of POS hacks with Target, Wendy’s, Sonic and Whole Foods.
Finally, if you are doing everything you can to protect your online business, clients, partners, online-shoppers and POS terminals, then you should NOT keep that a secret; shout it loud and clear. It should be a priority to let all your consumers and associates know that you are cyber safe. The best way to do this is by placing a trust seal (wherever necessary) acknowledging that you are doing everything you can to help ensure you are cyber safe.
Sadly, the nature of the internet has created new challenges for business owners. One of the most difficult challenges has been overcoming the distance and anonymity that make the internet convenient yet questionable and seemingly unsafe. While shoppers are able to order a wedding dress from their cell phones while running to a meeting, that very convenience also takes away their ability to verify the people with whom they’re conducting business.
A trust seal is an easy, cost-effective solution for business owners who want to create trust between themselves and online shoppers. Third-party verification can go a long way for those who want the ease of the internet but are cautious and don’t want to be victims of fraud, theft or bad business practices. A seal takes the gamble out of online shopping, which statistically is why it significantly increases sales conversion. It’s an affordable win-win solution.
In conclusion, don’t be caught on the news as the ‘next’ victim that’s been hacked. Take action now. Find an ASV of the PCI Security Standards Council to routinely scan your network, website and/or POS credit card reader. Make sure that any vulnerabilities are fixed. Then let everyone know you are cyber safe by posting a trust seal for everyone to see.
Good luck getting cyber safe. I am an optimist by nature and I believe there is still much good in the world and plenty of good to be achieved.
About the Author
Luke Brandley, chief marketing officer of global cybersecurity leader Trust Guard LLC, is happily married to his beautiful sweetheart, and they have nine super busy and incredibly amazing children. Luke Brandley graduated at the top of his class from Utah State University’s School of Business. He has been a longtime entrepreneur and has 20+ years of experience managing and running businesses. Luke has managed operations with more than 700 people. As chief marketing officer for Trust Guard, LLC, he champions all corporate partnership relations and sales operations. Trust Guard, for over a decade, has provided superior PCI-compliant malware protection and cybersecurity scanning solutions as an ASV partner.
Being the youngest of eleven boys, he is often reminded by one of his older brothers, “Just be grateful mom and dad had enough DNA left to give you a brain.”