Small businesses are failing to protect themselves and their customers from cyber-attacks, and do not know how to mitigate a possible attack.
According to Barclaycard research conducted in April, 48% of small businesses have been hit by at least one cyberattack in the last year, and 10% suffered repeated attacks.
To help small businesses protect themselves and their customers, Barclaycard has provided the following top tips:
1. Cover the basics: Firstly, all businesses should complete a risk assessment to understand what potentially sensitive or valuable information is being held, and where it is. This informs what controls are needed to protect customer data. By identifying what data is attractive to criminals, businesses will be in a much better position to take the right precautions to keep it safe.
2. Adhere to standards: All businesses must be compliant with the Payment Card Industry Data Security Standards (PCI DSS), which are designed to ensure they are processing and storing customer card data as securely as possible. Being compliant won’t stop businesses from being targeted by cybercrime, but it will make sure that they’re in the best position to prevent an attack, helping them avoid financial and reputational losses.
3. Enlist the help of a web developer: It is important for businesses to ask their web developer how they are protecting customer information, including personally identifiable data. Web developers should also frequently conduct patch management, monitor the site for suspicious activity and regularly search for traces of malware.
4. Keep the conversation going: Security is not a one-off cost, it’s an ongoing – and essential – business investment. Maintaining a dialogue with the web developer and payment provider allows businesses to keep abreast of the latest cyber threats and solutions, which will ensure they stay protected even as the landscape changes.
5. Stay alert: In the event that data is compromised, businesses must stay alert, because one merchant’s data breach may lead to fraud on the website of another. Fortunately, the payments industry has put in place a number of measures to help restrict the damage. Existing solutions include 3D Secure, Card Security Code and the Address Verification Service. These all require customers to enter additional information at the point of sale during card-not-present transactions to assess whether the transaction is genuine. Additionally, the Industry Card Hot File – a subscription service which compares card details against a list of lost or stolen cards – can help to block attempted transactions made as a result of a data breach.