Cybersecurity can be a challenge for small businesses everywhere. Follow these guidelines to minimize risk and keep your business and customers safe.
1. Only keep the data needed to complete the transaction. Let a trusted payment integration that encrypts and stores card data handle payments, so that full card numbers never pass through or sit on your own servers. This keeps most sensitive data out of your systems and greatly shrinks what you are responsible for if a breach occurs; it does not remove that responsibility entirely, so still protect whatever you do keep (names, addresses, order history).
Take Action: Use a trusted payment processor such as Authorize.net, Stripe or PayPal, and prefer their hosted payment pages or client-side tokenization so card numbers go straight from the customer's browser to the processor rather than to your site.
2. If you accept credit cards, stay compliant with industry regulations. Compliance not only limits fines and liability if something goes wrong; the controls it requires (patching, access control, logging, network segmentation) are the ones attackers exploit when they are missing, and breach investigations routinely find that the breached merchant was not fully compliant at the time.
Take Action: Familiarize yourself with the Payment Card Industry Data Security Standard, or PCI DSS. PCI DSS compliance is required for any organization that stores, processes or transmits cardholder data. The effort depends on how you take payments: a merchant that fully outsources card handling to a processor (see item 1) can usually attest with the short SAQ A questionnaire, while one that handles card numbers itself faces far more requirements.
3. Make sure your website and its data are secure. Serve your site over HTTPS using TLS (the successor to SSL; SSL itself is obsolete and should be disabled on your server). HTTPS needs a certificate issued by a certificate authority that browsers trust: the certificate proves the site's identity, and the TLS connection then provides encryption and integrity for everything sent between the customer and your site. Browsers label plain-HTTP pages "Not secure" and show full-page warnings for expired or misconfigured certificates, which drives customers away, so monitor certificate expiry and renew before it lapses (many hosts and Let's Encrypt automate this).
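The original article has no code; as an added example, not part of the original page, here is a small Python script that checks a site the way a browser does: it refuses obsolete protocol versions, verifies the certificate chain and hostname, and reports how many days remain before the certificate expires. It uses only the standard library (Python 3.7 or later); the host name `example.com` is a placeholder to replace with your own site.

```python
import socket
import ssl
import sys
import time
from typing import Optional


def hardened_context() -> ssl.SSLContext:
    """Client-side TLS settings: trust only CA-signed certificates, check the
    hostname, and refuse SSL 3.0, TLS 1.0 and TLS 1.1 (all obsolete)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def days_until_expiry(not_after: str, now: Optional[float] = None) -> int:
    """Turn the certificate's notAfter field (e.g. "Jun  1 12:00:00 2025 GMT")
    into whole days remaining. A negative result means it has already expired."""
    expiry = ssl.cert_time_to_seconds(not_after)
    current = time.time() if now is None else now
    return int((expiry - current) // 86400)


def check_https(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect to host:port over TLS and summarise what a browser would see.
    An untrusted, expired or wrong-name certificate raises
    ssl.SSLCertVerificationError, exactly as a browser would refuse it."""
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            # issuer is a tuple of RDNs, each a tuple of (name, value) pairs
            issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
            return {
                "tls_version": tls.version(),  # e.g. "TLSv1.3"
                "issuer": issuer.get("organizationName"),
                "not_after": cert["notAfter"],
                "days_left": days_until_expiry(cert["notAfter"]),
            }


if __name__ == "__main__":
    # Placeholder host; pass your own site as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    info = check_https(target)
    print(f"{target}: {info['tls_version']}, issued by {info['issuer']}, "
          f"expires {info['not_after']} ({info['days_left']} days left)")
    if info["days_left"] < 14:
        print("WARNING: renew the certificate now")
```

Run it from cron once a day against your own domain and alert on a short `days_left`; an expired certificate is the most common self-inflicted "Not secure" warning a small shop will see.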
4. Train staff to recognize phishing and Business Email Compromise (BEC) attacks, and what to do when they occur. Phishing is a message (usually email) that tricks the recipient into handing over login credentials, personal information or card details, or into opening a malicious attachment or link. In a BEC attack the criminal sends email that appears to come from the owner, an executive, or a supplier, either from a compromised real mailbox or a look-alike address, to trick staff into paying a fake invoice, changing a supplier's bank details, or sending sensitive data. Train staff to confirm any unusual payment or data request through a second channel, such as a phone call to a number they already have, and make sure they know whom to report suspicious messages to.
5. Use strong, unique passwords with Two-Factor Authentication (2FA), preferring an authenticator app or hardware key over SMS codes where the service allows it. Never reuse a password across accounts, and change a password immediately after any breach or sign of compromise. Current guidance (NIST SP 800-63B) favours changing passwords on evidence of compromise rather than on a fixed schedule, because forced rotation every few months tends to produce weaker, predictable passwords; if your compliance obligations still require periodic changes, follow them, but unique passwords plus 2FA do more to stop account takeover. Keeping accounts secure helps prevent fraud and saves you money, time and reputation, and it builds trust with your clients.
Take Action: If keeping track of many long passwords seems daunting, use a reputable password manager such as LastPass or Dashlane. You then need to remember only one strong master password (protect that one with 2FA as well), and the manager generates and stores a unique password for every account.
6. Only use trusted, proven eCommerce platforms that keep transactions and data secure. Select and vet any third-party vendor carefully, especially those who will have access to private data or to your website, and give each vendor only the access it actually needs.
Take Action: Check reviews and feedback about eCommerce platforms and their extensions before selecting or installing them. Look for past breaches, data loss, or other complaints that could affect the security of your or your customers' data, and confirm that the vendor actively maintains the product and publishes security fixes promptly.
7. Use a firewall, antivirus, and other tools that check for unusual login attempts or questionable activity. A firewall limits which network connections can reach your systems, so most malicious traffic never gets in. Antivirus or endpoint protection software catches malware that does get past the firewall and lets you scan a machine you suspect is compromised. Login monitoring alerts you to repeated failed logins, a successful login right after a burst of failures, or logins from unexpected places or at odd hours, which are the usual signs of password guessing or a stolen credential.
Take Action: Compare firewall options, but at minimum turn on the firewall built into your operating system and router, and enable login alerting in the services you rely on; most cloud, email and eCommerce platforms offer it.
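The "unusual login attempts" check above is easy to do yourself once you have a login log. As an added example, not from the original article, the Python below parses a constructed sample log (the line format `<timestamp>Z LOGIN SUCCESS|FAILURE user=<name> ip=<address>` is assumed for this example, not any particular product's format), flags an IP address that reaches a number of failed logins inside a short window, and separately flags a successful login from an IP that is still inside such a burst, which is the classic sign of a guessed password.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format for this example (adjust the regex to your own system's logs):
#   2024-03-04T10:00:01Z LOGIN FAILURE user=alice ip=203.0.113.7
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z LOGIN (?P<result>SUCCESS|FAILURE) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample: one IP guesses passwords for alice and admin, then gets in as alice;
# carol simply mistypes once and logs in later from her usual address.
SAMPLE_LOG = """\
2024-03-04T09:58:10Z LOGIN SUCCESS user=bob ip=198.51.100.20
2024-03-04T10:00:01Z LOGIN FAILURE user=alice ip=203.0.113.7
2024-03-04T10:00:04Z LOGIN FAILURE user=alice ip=203.0.113.7
2024-03-04T10:00:09Z LOGIN FAILURE user=admin ip=203.0.113.7
2024-03-04T10:00:15Z LOGIN FAILURE user=admin ip=203.0.113.7
2024-03-04T10:00:22Z LOGIN FAILURE user=alice ip=203.0.113.7
2024-03-04T10:00:30Z LOGIN SUCCESS user=alice ip=203.0.113.7
2024-03-04T10:05:00Z LOGIN FAILURE user=carol ip=192.0.2.44
2024-03-04T10:30:00Z LOGIN SUCCESS user=carol ip=192.0.2.44
"""


def parse(lines):
    """Turn log lines into event dicts, skipping lines in another format
    instead of aborting the whole run on one odd line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect(events, threshold=5, window=timedelta(minutes=10)):
    """Emit one 'brute_force' alert when an IP reaches `threshold` failures
    within `window`, and a 'success_after_failures' alert for any success
    from an IP that still has that many recent failures."""
    recent_failures = defaultdict(list)  # ip -> timestamps of failures inside the window
    alerts = []
    for ev in events:
        ip, ts = ev["ip"], ev["ts"]
        fails = [t for t in recent_failures[ip] if ts - t <= window]  # drop stale failures
        if ev["result"] == "FAILURE":
            fails.append(ts)
            if len(fails) == threshold:  # alert once, when the threshold is first crossed
                alerts.append({"kind": "brute_force", "ip": ip,
                               "at": ts.isoformat(), "failures": len(fails)})
        elif len(fails) >= threshold:
            alerts.append({"kind": "success_after_failures", "ip": ip, "user": ev["user"],
                           "at": ts.isoformat(), "failures": len(fails)})
        recent_failures[ip] = fails
    return alerts


def run(log_text=SAMPLE_LOG, threshold=5, window=timedelta(minutes=10)):
    """Parse and analyse a whole log; returns the list of alerts."""
    return detect(parse(log_text.splitlines()), threshold, window)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Tune `threshold` and `window` to your traffic: a shop with a handful of staff accounts can afford a low threshold, and the second alert type (success after a burst) is the one worth paging on, because it means the guessing worked.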
8. Check at least weekly that the latest security patches are installed, including every extension, plugin and application on your site and web servers, and enable automatic updates wherever the platform supports them. Don't ignore prompts to install software updates. Updates fix known vulnerabilities, and once a vulnerability is public, automated scanners find unpatched sites within days; no patch exists for a true zero-day, which is why the other layers (firewall, least-privilege access, backups) still matter.
9. Back up your data and keep a copy in a safe location. Backups let you recover from events such as hardware failure, accidental deletion, or ransomware. Test your backups regularly by actually restoring from them, to confirm the copies are complete and that data can be recovered quickly; a backup that has never been restored is only an assumption.
Take Action: Store a copy in another location or on another device in case your primary storage is damaged or stolen, for example an external drive or a cloud backup service. Keep at least one copy offline or otherwise unreachable from your network, so ransomware that encrypts your live systems cannot encrypt the backup as well.
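"Test your backup" is the step most small businesses skip. As an added example, not part of the original article, the Python below backs up a directory into a compressed archive together with a SHA-256 manifest of every file, then performs a test restore into a scratch directory and checks each restored file against the manifest. The `demo()` function builds a small constructed sample tree (three fake shop files) so the script runs stand-alone; everything else is standard library (Python 3.7 or later).

```python
import hashlib
import json
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, archive: Path) -> dict:
    """Archive source/ into a tar.gz and return {relative path: sha256} for every file.
    The manifest is also written next to the archive; keep it with the off-site copy
    so a restore can be verified without access to the original machine."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(p for p in source.rglob("*") if p.is_file()):
            rel = path.relative_to(source).as_posix()
            manifest[rel] = sha256_file(path)
            tar.add(path, arcname=rel)
    Path(f"{archive}.manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_restore(archive: Path, manifest: dict) -> dict:
    """Restore into a scratch directory and compare every file with the manifest.
    Returns a report; 'ok' is True only if every file came back byte-for-byte."""
    report = {"ok": False, "verified": 0, "missing": [], "mismatched": [], "error": None}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    # The "data" filter rejects absolute paths and ".." entries
                    # (Python 3.12, backported to later 3.8-3.11 releases).
                    tar.extractall(scratch, filter="data")
                except TypeError:
                    tar.extractall(scratch)  # older Python without the filter argument
        except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
            report["error"] = f"{type(exc).__name__}: {exc}"  # damaged or truncated archive
            return report
        for rel, digest in manifest.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                report["missing"].append(rel)
            elif sha256_file(restored) != digest:
                report["mismatched"].append(rel)
            else:
                report["verified"] += 1
    report["ok"] = not report["missing"] and not report["mismatched"]
    return report


def demo(corrupt: bool = False) -> dict:
    """Constructed sample: back up three small files, optionally damage the archive
    (as a failing disk or a bad upload would), then run the test restore."""
    with tempfile.TemporaryDirectory() as work:
        source = Path(work) / "shop-data"
        (source / "orders").mkdir(parents=True)
        (source / "orders" / "2024-03.csv").write_text("id,total\n1,19.99\n2,42.00\n")
        (source / "customers.csv").write_text("id,email\n1,alice@example.com\n")
        (source / "config.ini").write_text("[site]\nname = Example Shop\n")
        archive = Path(work) / "shop-data.tar.gz"
        manifest = make_backup(source, archive)
        if corrupt:
            data = archive.read_bytes()
            archive.write_bytes(data[: len(data) // 2])  # truncate: simulates a damaged copy
        return verify_restore(archive, manifest)


if __name__ == "__main__":
    print("good backup:", demo())
    print("damaged backup:", demo(corrupt=True))
```

Schedule `make_backup` against your real data directory, copy the archive and its manifest off-site, and run `verify_restore` on the off-site copy on a regular cadence; the report tells you not just that a restore "worked" but exactly which files did not come back.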
10. Create an emergency plan and know whom to contact in case something goes wrong. It should cover events such as a cyberattack, ransomware, a suspected data breach, and lost or stolen devices. An incident response plan is a written set of instructions that helps IT staff and employees detect, respond to, and recover from security incidents, so that nobody has to improvise under pressure.
Take Action: Write the plan down and keep a copy somewhere reachable even if your systems are down. Include contact details for your IT provider, payment processor, bank, insurer and legal counsel, note who may speak to customers and the press, and record any breach-notification deadlines that PCI DSS, your processor's contract or privacy law impose on you. Walk through it with staff at least once a year.