Small businesses are a prime target for hackers and data thieves. If your firm processes transactions or stores client financial information, at some point a cybercriminal will make an attempt at stealing that data. Statistics show that 60% of small businesses have been the victim of a data breach, and 60% of those affected businesses were forced to close their doors within six months of the incident – due primarily to the $20,000+ price tag attached to one of these breaches.
It’s not just businesses that are concerned about this type of cybercrime. 69% of consumers worry that their credit or debit card information will be compromised by theft or the actions of a careless business. So even if your business can survive the financial damage caused by a data breach, the damage to your reputation might keep you from successfully rebuilding.
This is why PCI (Payment Card Industry) compliance is critical for all businesses, regardless of their size or the number of transactions they process. Reaching compliance starts with assessing your payment system and data storage policies and figuring out what changes need to be made to keep your customer data secure.
Store Only What You Need
Get in touch with your payment terminal vendor or bank, and find out if there are things that can be done to simplify the way your business processes payments. The more direct the process is, the less room there is for carelessness or errors. It’s also important to make sure you understand how different types of transactions work, and how you can process them without hanging onto extra pieces of sensitive data. For example, find out how to process recurring payments without having to store the card’s security code.
This logic applies to both digital and hardcopy data. Securely shred or otherwise destroy documents that contain card data. If for whatever reason you need to keep copies of forms or other materials on hand, black out card data with a permanent marker, and maintain the documents in a locked drawer or file cabinet. If you need to request payment data from a customer, never send or receive that data via email. Ask for the information over the phone, or have the client fax or mail the information to you.
Install Patches From Your Vendors
It’s important to remember that software and other technology is created by people. So just like people, technology is often slightly flawed. Unlike people’s flaws, software flaws can be corrected quickly with updates and patches. These flaws offer hackers a way inside your systems and network, which makes keeping your patches up-to-date critical.
Make sure you speak with your payment terminal vendor and any other vendors or providers about how they will notify you of these updates, so that you won’t accidentally miss one because you weren’t aware of it. Clarify which updates will be applied by the vendors themselves, and which need to be handled on your end. This is just as important for businesses whose sales are primarily or exclusively e-commerce. Have that same conversation with your hosting provider.
Don’t Give Hackers Easy Access To Your Systems
The first step towards keeping hackers out of your system is making sure you can trust the people who have access to your system. If your vendors are accessing your system or your data improperly, they could be accidentally leaving a gap in your defenses for a hacker to make use of. If any of your vendors use remote access for updates or support, find out how to limit that access. Start by disabling default remote access settings, and allow access only after you’ve given them permission.
Make sure the remote access program you are using has multi-factor authentication and secure encryption, and check that the credentials your vendor is using for your business are unique to you, not shared by multiple other clients.
Use Antivirus Software
Having an antivirus program installed and activated is system security 101. This very basic precaution is the foundation of your system and network security. Antivirus and antimalware software are designed to detect malicious code and keep that code from causing damage, or from being used by hackers to exploit weaknesses in other software.
This is where it becomes important to not just talk to your payment terminal vendor, but your IT support provider. Keeping your antivirus updated and patched is crucial, as is routinely scanning your system for potential issues or vulnerabilities. Ideally, there should be eyes on your system at all times, watching for possible threats.
Protect Your Business From The Internet
That same Internet connection your business relies on is the main tool hackers use to gain access to your systems. If possible, don’t use the device you take payments and process transactions on for any other purpose. Have a designated device for sales only, and instruct your employees not to surf the web or check email or social media from that device. Treat it like a cash register: if you couldn’t do it from a regular old till, don’t do it from your sales device.
Keep your Wi-Fi secured, and install a firewall to screen web traffic. Your firewall should secure your network as a whole, but if for whatever reason your firewall can’t protect your payment terminal, install a personal firewall directly on the device.
Make Your Data Useless To Criminals
Encryption is your best weapon against data theft. Whether it’s being transmitted or stored, encrypting sensitive data renders it unreadable to anyone who doesn’t have the authorization to access it. Depending on the payment system your business has in place, encryption may already be built-in. If it’s not, talk to your IT support provider about the options available to you. Encryption is a slightly more complicated process than most other security measures, but the protection it provides is well worth the effort.
Tokenizing card data is useful as well. Unlike encryption, tokenization replaces the card number with a “token” that acts as a one-time use card number. Even if a hacker were to get their hands on your data, these tokens would be utterly useless to them.
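To illustrate the point above, here is an added example (written for this post, not RCOR’s code or any payment vendor’s implementation) of a tokenization vault: the card number is swapped for a random token, and the merchant-side record keeps only that token plus a masked number, so a leaked record yields nothing without the vault. The card number used is a constructed test value.

```python
import secrets

def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    checksum = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0

def mask_pan(pan: str) -> str:
    """Masked form showing only the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

class TokenVault:
    """Stand-in for the provider-side vault that maps tokens back to card numbers.
    The merchant never holds this mapping; only the vault can detokenize."""

    def __init__(self) -> None:
        self._store: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        # The token is random, not derived from the PAN, so it cannot be
        # reversed or brute-forced by anyone who does not hold the vault.
        token = "tok_" + secrets.token_hex(16)
        self._store[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._store[token]

def merchant_record(pan: str, vault: TokenVault) -> dict:
    """What the merchant keeps on file: a token and a masked number, never the full PAN."""
    return {"token": vault.tokenize(pan), "masked_pan": mask_pan(pan)}

if __name__ == "__main__":
    vault = TokenVault()
    record = merchant_record("4111111111111111", vault)   # constructed test PAN
    print("merchant stores:", record)
    print("vault resolves token to:", vault.detokenize(record["token"]))
```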
Making sure you understand how your payment system works, the level of risk you’re facing, and the resources available to you to help limit or eliminate those risks is critical. By taking steps to make your business PCI compliant, you’re helping to protect your business and your customers.
Wondering where your business stands as far as PCI compliance is concerned? For the month of February, RCOR Technologies is offering a Compliance Evaluation and customized plan for continual compliance for only $1395 – $500 off of our regular $1895 fee. Contact us at firstname.lastname@example.org or (919) 313-9355 to take advantage of this great offer. We’re the IT professionals businesses in Raleigh trust.