5 Security Tips For Small Business Handling Online Payments
It’s no secret that the internet is no longer a safe place, thanks to the escalating number of attacks around. Interestingly, most of us tend to imagine that attackers love going for the big fish, but this is not true. Small businesses are even more prone to cyber-attacks: there are many of them in the pond, and they are usually the weaker links. This means that if you own a small business, then you should always work to seal off your business perimeter from cyber-attacks. But just how do you do it with limited resources? Well, one place to start is to secure payment transactions within your business infrastructure, and we have some tips for you!
Why Should Small Businesses Secure Transactions?
If you are one of those many businesses that underestimate the dangers of data breaches, then you have to think twice after a look at some of the recent stats in the realm of data breaches. For instance, in 2016 it was estimated that data breaches had increased by a whopping 40%, while it was also the year that saw the largest data breach ever reported, affecting more than 1 billion Yahoo accounts!
As expected, things got even messier in 2017, with lots of major companies being attacked, the most notable ones being the likes of E-Sports Entertainment, Xbox 360, PSP ISO, Intercontinental Group Hotels, Arby’s, River City Media, Gmail, Verifone, Dun & Bradstreet, Saks Fifth Avenue, UNC Healthcare and America’s JobLink, just to name a few. Long story short, you don’t want to go down that road: it can bring your business to its knees. Don’t get scared though; here are some simple things you can do to start protecting your transactions from “salivating” attackers.
1- Protect Your IT Environment
As a small business, there might be few resources to protect your IT environment, but there are still some things you can do. For instance, you can use a Comodo SSL certificate for website security. Comodo is one of the leading and most trusted Certificate Authorities, and it issues SSL certificates after validating the website or business. An SSL/TLS certificate is used to encrypt data travelling between the customer’s web browser and your server, so any payment information travelling over that connection is unreadable to eavesdroppers. You can also tokenize data if you can: this is the process of removing sensitive data from your systems and replacing it with an associated surrogate value (a token) that is useless on its own. This way, if someone manages to break into your storage locations, they don’t get access to the original data easily.
You should also update your systems frequently to fix any bugs that might present loopholes for attackers. We are talking about things like WordPress, Shopify, your server’s cPanel, your SQL database, PHP, your antivirus software, or any other system or tool in your IT environment.
2- PCI DSS Compliance
If you are handling credit cards, then the first thing you have to do is be PCI DSS compliant. The PCI security standards are technical and operational standards defined by the PCI Security Standards Council (PCI SSC) with the aim of protecting cardholder data. So how do you ensure that you comply with these standards? It might be a headache for many small and medium businesses, but to simplify things, you can check how you can comply by completing a PCI DSS Self-Assessment Questionnaire (SAQ).
3- Educate Employees About Data Breaches
Data experts and security professionals concur that employees are the weakest link in the quest to secure businesses against attacks. In 2016, Experian, a data breach resolution provider, did a data breach survey which established that nearly 70% of data breaches are caused by employees, either through negligence or because they fall prey to phishing attacks. It was more or less the same finding in a study done by Keeper Security and the Ponemon Institute, which found that careless workers were behind the rise in ransomware attacks. In fact, 79% of the small and medium enterprises who admitted cases of attacks also revealed that the attacks were carried out by duping employees into clicking a malicious link.
This is just the tip of the iceberg, but it serves to show that it’s time to focus on the employee. But it’s not just about telling them to sign a security policy or something of that sort. It is about behavioural change on the way to creating a security culture within the business. You can start by conducting regular training on why caution about data breaches matters. Face-to-face training is best in this case, to ensure that employees wrap their heads around the issues at hand. Moreover, you should repeat the process, perhaps on a quarterly basis, with the aim of encouraging a ‘security-first’ perspective from employees.
You can also run simulated phishing exercises against your own employees if you have enough IT resources. This will help reveal the areas of training you need to improve, or even the employees who need more attention.
4- Steer Away From Storing Payment Data
You should also desist from storing any payment data you don’t need. In fact, you should always get rid of payment info you no longer need. If you must store any payment data, then you should do so under proper strategies to protect it from attackers. Some regulations, such as the Fair and Accurate Credit Transaction Act of 2003 (FACTA), prohibit you from storing and sharing information like the full credit card numbers of your customers and the corresponding expiration dates.
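The two ideas above fit together in code: tokenization (tip 1) lets the application keep only a surrogate value, and truncation to the last four digits (tip 4) is the only form of the card number that should appear in your own records, receipts or logs. The following Python is an added example written for this article, not code from the page or from any named vendor; the `TokenVault` class, the `payment-gateway` role name and the log line are constructed for illustration, and the 4111 1111 1111 1111 number is the standard Visa test number, not a live card.

```python
import hashlib
import hmac
import re
import secrets

# Constructed example: a minimal tokenization vault plus the masking and
# redaction helpers a merchant needs to avoid keeping raw card numbers.
# Hypothetical code for illustration, not a real product.


def luhn_valid(number: str) -> bool:
    """Luhn check: a cheap way to tell a card number from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        digit = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the last four digits, the form allowed on receipts and in logs."""
    return "*" * (len(pan) - 4) + pan[-4:]


class TokenVault:
    """Hypothetical vault: it holds the PAN and hands the application an unrelated token."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._token_to_pan: dict[str, str] = {}
        self._fingerprint_to_token: dict[str, str] = {}

    def _fingerprint(self, pan: str) -> str:
        # Keyed hash so the same card maps to the same token, without storing a
        # plain hash that could be brute-forced over the small card-number space.
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        pan = re.sub(r"[ -]", "", pan)
        if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_valid(pan)):
            raise ValueError("not a plausible card number")
        fp = self._fingerprint(pan)
        token = self._fingerprint_to_token.get(fp)
        if token is None:
            # Random token: carries no information about the PAN it stands for.
            token = "tok_" + secrets.token_hex(16)
            self._fingerprint_to_token[fp] = token
            self._token_to_pan[token] = pan
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        # Only the component that actually talks to the processor may recover the PAN.
        if caller_role != "payment-gateway":
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._token_to_pan[token]


def store_order(vault: TokenVault, order_id: str, pan: str, amount: str) -> dict:
    """What the merchant's own database keeps: a token and a masked PAN, never the PAN."""
    clean = re.sub(r"[ -]", "", pan)
    return {"order_id": order_id, "card_token": vault.tokenize(clean),
            "card_display": mask_pan(clean), "amount": amount}


_PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def redact_pans(text: str) -> str:
    """Replace Luhn-valid 13-19 digit runs in free text (e.g. log lines) with a masked form."""
    def _sub(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return _PAN_RE.sub(_sub, text)


if __name__ == "__main__":
    vault = TokenVault(index_key=secrets.token_bytes(32))
    # Constructed order using the Visa test number, not a live card.
    order = store_order(vault, "ORD-1001", "4111 1111 1111 1111", "19.99")
    print(order)
    print(redact_pans("checkout pan=4111 1111 1111 1111 order=ORD-1001"))
```

The vault would normally live in a separately secured system (or at your payment processor), so that a breach of the web shop's database yields only tokens and last-four digits. The `redact_pans` helper is the kind of filter to put in front of your logging, since card numbers pasted into support tickets or debug output are a common way full PANs end up stored without anyone intending it.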
5- Beware of Your Partners
Outsourcing and partnerships are the norm in the world of business, but you should be wary of sharing your sensitive data with a partner who hasn’t implemented the right security measures. This may be a payment processor or even an e-commerce platform. You should always go for the most reputable partners around, and if you are not sure, then make a point of doing some research on public review platforms like Consumer Affairs and the Better Business Bureau.
In conclusion, payment security is a continuous process which calls for an evolution in data protection strategies, particularly with ever-evolving technology. This means that you should always keep abreast of new strategies if you are to stay ahead of attacks. Of course, SMBs run on limited funds, but still, some of those resources ought to be channelled towards keeping the business safe!