Cyberhacking should be at the forefront of every business owner’s mind. According to IBM, companies face a 26 percent chance of a data breach in a 24-month period. And hackers are only getting smarter; data breaches reached a record high in 2016, according to the Identity Theft Resource Center.
As a PCI Level 1-compliant Merchant Account Provider, we live and breathe security. Without adhering to the highest standards, we wouldn’t be able to serve our customers effectively. We believe every business should be secure to protect both its own interests and those of its customers.
Here are our recommendations for best practices to up your business’s cybersecurity:
- Screen Emails for Phishing Attacks. Hackers are becoming more creative and skillful with phishing emails. With the intent to obtain sensitive information (e.g., usernames, passwords and credit card information), these emails disguise hackers as a trustworthy contact, prompting you to click a link that can lead to the installation of malware.
Wombat Security Technologies found that 42 percent of organizations surveyed between 2014 and 2015 suffered malware infections as a direct result of successful phishing attacks. Its research confirmed that phishing attacks are growing in volume and complexity. Businesses need to be even more vigilant when opening and, especially, when clicking links in emails. This applies to mobile usage too.
If an email looks phishy, we recommend picking it apart carefully to confirm the sender’s identity and reviewing the copy. Hard-to-spot phishing emails usually come from an address almost identical to a contact of yours, but off by one character or from a different email domain.
Pick up the phone and call that contact to confirm that she actually sent you the email. If the email is asking you to click on a link or fill out a form, exercise caution and double check before doing so. If you complete the action requested, there’s no turning back if it’s a phishing attack. Once you delete the email, go to your email’s trash folder and delete it again.
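The sender check described above can be partly automated. The following Python sketch is an added example, not part of the original article: it flags a From address that is one character off from a known contact or that reuses a contact's name at a different domain. The contact list and function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed sample address book (assumption); replace with your real contacts.
KNOWN_CONTACTS = frozenset({"jane.doe@example.com", "billing@supplier.example"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, contacts=KNOWN_CONTACTS) -> str:
    """Return 'known', 'lookalike: <reason>' or 'unknown' for a From header."""
    # parseaddr drops the display name, which a sender can set to anything.
    addr = parseaddr(from_header)[1].strip().lower()
    if "@" not in addr:
        return "unknown"
    if addr in contacts:
        return "known"
    local, _, domain = addr.rpartition("@")
    for contact in sorted(contacts):
        c_local, _, c_domain = contact.rpartition("@")
        # "Off by one character": a single typo-sized change to the address.
        if edit_distance(addr, contact) == 1:
            return f"lookalike: one character off from {contact}"
        # "Different email domain": same mailbox name, unfamiliar domain.
        if local == c_local and domain != c_domain:
            return f"lookalike: same name as {contact}, different domain"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ("Jane Doe <jane.doe@example.com>",
                   "Jane Doe <jane.doe@examp1e.com>",
                   "Jane Doe <jane.doe@example.net>",
                   "newsletter@shop.example"):
        print(f"{header!r:40} -> {classify_sender(header)}")
```

A "known" result only means the address matches a contact exactly; it does not prove the contact sent the message, so the phone call is still worth making.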
- Stay in the Know. Sign up at Have I been pwned? to be notified if a site you’re registered with has a data breach. More often than not, people use the same password across all of their accounts (yes, you’re not alone); so if one account has been hacked, it’s likely that another with the same password will be hacked, too. With real-time notifications from Have I been pwned?, you’ll have more time to update accounts and prevent information from being stolen.
- Partner With Secure Payment Providers. With the majority of Merchant Account Providers processing payments virtually, it's necessary to go above and beyond when it comes to cybersecurity. Businesses seeking a provider should do their due diligence before settling on a partner. What should you look for?
First, determine how cardholder data is processed and stored. It’s ideal to work with a provider that stores cardholder data on its servers. Why? In the case of a hack on your computers or network, hackers won’t be able to access or steal your customers’ card data. This greatly reduces the chance of a major data breach at your business, as well as the resulting financial impact you could face.
Next, use secure websites to facilitate payments. You can determine whether a webpage is secure by checking its URL. If it starts with ‘https://’, the site is using a secure, encrypted connection. Without the ‘s,’ the website is communicating with the browser over a regular, unencrypted connection. The data is not encrypted, so it’s possible a hacker could eavesdrop and gather information being filled out, such as cardholder data or personal information.
This level of security requires annual audits and passing relevant inspections. You can check to see if a provider is PCI compliant by visiting the Visa Global Registry of Service Providers.
Are you considering your business’s cybersecurity when making decisions? If not, it’s time to start. With technology improving and hackers only getting smarter, you’ll leave your business vulnerable to a data breach if you don’t consider this vital pillar in your business’s structure.
Has your business dealt with a data breach? Do you have additional cybersecurity measures to share? Contribute to the discussion below.