The latest massive data breach of Visa and MasterCard customers that occurred at Global Payments is just another reminder of how sensitive information can be. While up to three million accounts may be affected, small business owners should take note—experts say no matter what size your company is or how much data you have in your possession, you are just as susceptible to hackers as your larger counterparts.
Alan Wlasuk, managing partner at 403 Web Security, said small businesses almost never give data protection the attention necessary to properly safeguard their information.
“Most believe they are too small, or their data or business is not large enough for hackers to care about them,” Wlasuk said. “They’re not aware of the security problems they might have in their environment.”
Even seemingly insignificant data, such as user logins and passwords, should always be encrypted, he said. Most consumers reuse their logins and passwords across websites, so hackers who obtain them will have access to more sensitive information than just what your business has on file.
Ondrej Krehel, CISO at Identity Theft 911, said small businesses often overlook the regulations they must be in compliance with when securing consumer information.
“They need to get more familiar with the standard industry requirements—that should be their number one priority,” Krehel said.
So while you may think your small business is off the radar for hackers, Krehel and Wlasuk said that’s not so. Here are their tips for getting your business in check with data protection, and keeping your information, and your customers’ data, safe.
No. 1: Use malware protection. This is a quick and easy way to ensure protection for your business, Wlasuk said. The total price tag is around $500 yearly, and it will protect your entire business from “keystrokers,” or hackers who lure victims via email links and subsequently track everything they type.
“It’s not rocket science, and it will protect you from keystrokers,” Wlasuk said.
No. 2: Update, update, update. Make sure any program you are using has up-to-date security patches installed, Wlasuk said. Any content management system being used, for example, should be checked at minimum each month for updates.
“One person in your organization should make sure they are being patched,” he said.
No. 3: Understand what you have. Once businesses start taking customer information, they need to understand the magnitude of the data they have in their possession, Krehel said. Also, read over contracts and be clear on what your responsibilities are if there are third parties involved. Be clear on who is responsible for that information in the case of a breach, he said.
“It’s understanding the game,” Krehel said. “I don’t think they understand the angle of being breached tomorrow and how it will impact them.”
No. 4: Consider cyber insurance. While this is a pricier route to go, both Krehel and Wlasuk said it is worth investigating for the money and trouble it can save you in the event of a breach.
“Even small breaches really add up,” Krehel said. “Businesses are not really aware, and don’t run risk analysis of how this will impact them.”
If you do purchase this coverage, it can run thousands of dollars, depending on the size of the company and the data you have in your possession. However, it will pay for a breach if one does occur, and help you navigate the post-breach landscape, Wlasuk said.