There’s no denying that Small Business Saturday is a huge boon for small business owners across the U.S. Unfortunately, the holiday’s high-volume sales are also prime targets for cyber criminals. It’s a sobering fact, but there has been a steady increase in the prevalence of phishing attacks targeting businesses with fewer than 250 employees – with 43 percent of all attacks in 2015 targeted at small businesses – according to Symantec’s 2016 Internet Security Threat Report. Additionally, the National Small Business Association’s 2015 Year-End Economic Report indicates cyber attacks cost small businesses on average $7,115.26. While small business owners aren’t usually IT experts, there are a number of easy ways to protect customers’ data without needing a degree in cybersecurity.
Here is a quick checklist to prepare your business for Small Business Saturday and the upcoming holiday shopping season.
- Snap a Picture: Take pictures of the front, back, cords and connections of all payment terminals, so you know what they are supposed to look like. This will give you a reference point when examining your terminal for tampering. Check your terminals for tampering periodically – look for broken seals over access cover plates or screws, odd/different cabling, new or different messages during a transaction or new devices you don’t recognize.
- Install Patches: Make sure you are current with all available security patches. Ask your vendor or service provider how it notifies you of new security patches, and make sure you receive and install these patches immediately.
- Limit Access: Controlling the access to your payment terminals is very important. Set up your system to grant access on a “need-to-know” basis. Most employees can do their job with access to only a subset of data, applications and functions.
- Shred the Data: The golden rule of payment card security: if you don’t need it, don’t store it. If you do need to keep paper with sensitive cardholder data, mark through the data with a thick, black marker and secure the paper in a locked drawer or safe.
- Keep a List: Know who your trusted partners are and how to contact them. Partners can include your merchant bank, payment terminal vendors, payment system installers and service providers. Keep a list of these contacts handy if you have security questions or in case of a security incident.
This list is by no means exhaustive, but it’s a good start. For additional information on how to best protect customers’ data, small business owners can download the “Guide to Safe Payments.” This free resource by the Payment Card Industry Small Merchant Task Force expands upon the concepts above in an approachable way for small business owners.
About the Author
As communications specialist for the PCI Security Standards Council, Lindsay Goodspeed drives awareness of PCI Security Standards and resources for the protection of payment card data.