It seems that more and more headlines these days are dominated by the latest cybersecurity breach. Target, Home Depot, JP Morgan and others have all been the target of sophisticated hackers and cyber thieves trying to steal customers' sensitive personal and financial information to exploit or sell on the black market. Yet while attacks on global banks and big retailers grab the world's attention, small businesses, startups and entrepreneurs are at serious risk as well.
If you are a small business owner thinking that "these kinds of security breaches could never happen to me," you are mistaken. According to Symantec's 2013 Internet Security Threat Report, 31 percent of cyber-attacks committed in 2013 targeted companies with fewer than 250 employees. As the evolution of technology and integrated networks continues at a rapid pace, the interconnected economy that is helping drive growth for so many small businesses is also creating vulnerabilities that threaten to outpace the ability of many entrepreneurs to protect themselves.
Even so, there is some good news. Just as diet and exercise, regular doctor visits and health insurance are critical elements of a holistic plan to keep your body healthy, there are important steps that small business owners can take to vaccinate their business against infection, strengthen their network's immune system, and protect their data and that of their customers or clients against invasive, foreign viruses that threaten their enterprises.
In recognition of October 2014 as the 11th annual National Cyber Security Awareness month, we are prescribing a three step program of best practices that every small business and entrepreneur should follow to improve the cyber health of their company:
1. The One-Two Combination Punch: Encryption and Tokenization
Everyone knows that diet or exercise alone is not enough to keep one physically fit, but combining the two is a time-tested way to stay healthy. In the same way, small business owners need to combine the right technologies to create a cost-effective strategy that reduces risk and maximizes return on their cybersecurity investment. The combination of encryption and tokenization is an effective strategy to minimize security weaknesses, address authorization vulnerabilities and protect sensitive stored data.
Encryption occurs at the point of sale in the credit card terminal, encoding a card's number when it is received by the merchant, so that even if hackers access the data, their numbers are useless and cannot be used. Tokenization is a technology that protects the cardholder by creating a "token" that replaces the credit or debit card number so the real number and identity is never transferred. Using encryption and tokenization together protects customer data and thwarts even the most sophisticated thieves, minimizing fraud and protecting the cardholder even after the purchase is validated.
2. Inoculate Against the New Superbug: Updating Your Security Technology
Just as advances in medicine and technology are necessary to stay ahead of mutating viruses that are adapting to resist today's drugs, it is important for small business owners to keep their security technology and software systems up-to-date to protect against aggressive criminals. New point of sale systems and devices and EMV technology (which stands for Europay, Mastercard and Visa, a global standard for inter-operation of integrated circuit or "chip" cards) are critical to protecting cardholders and the business. EMV technology replaces the magnetic strip on credit and debit cards with smart processing chips that enable more robust verification to protect against consumer-level fraud. As EMV becomes more the standard more widely, businesses are upgrading and replacing their point-of-sale card terminals and devices to ensure compatibility with this cybersecurity innovation.
3. Talk to Your Cyber Health Professional: Consult Your Financial Institution or Processing Partner
October is not only National Cyber Security Awareness month, but it is also the beginning of flu season. Did you get your flu shot? Maybe it's also time for your annual physical and check-up. There is no better time for small business owners to reach out to their trusted partners at their preferred financial institutions and processing partners for a check-up on the health and security of their business systems.
These trusted partners can help small business owners better understand their data security responsibilities, review available solutions and implement a plan to ensure long-term business protection. The partners are responsible for keeping clients informed of potential risks and consequences and arming small businesses with the technologies to keep clients and customers safe and secure. Financial institutions and processors can help implement the necessary measures to deploy a comprehensive security program to ensure small business owners and customers are protected from criminals so merchants can conduct business with confidence.
Whether or not you have been infected in the past or if you are experiencing symptoms today, now is the time to make sure you, as a small business owner, are immunized and inoculated against looming cyber threats. Utilizing encryption and tokenization, updating to EMV-compatible point-of-sale technology and consulting with your financial institutions and processing partners are the key ingredients necessary to keep your business healthy and growing, today and into the future.