No Business Is Too Small For Hackers

By Arianna Graterol, Marketing Communications Manager, Netsurion

It's National Small Business Week, which means it’s time to celebrate the hard work you do and ensure that your business continues to grow.

Have you ever thought about what would happen if your business were affected by a data breach? We all constantly hear about well-known brands being breached. You may think to yourself, “Oh that would never happen to me … the big guys are the easy targets for hackers.” In a way, cybercriminals do love going after “the big guys,” mainly because the bigger the company is, the more credit card information they house — hence more money to go after.

But in reality, the easiest targets are small businesses. Big corporate brands have extensive IT teams working to make and keep their networks secure, thereby creating greater obstacles and difficulties for a hacker. Yet, as you can see from the news headlines, they often still manage to get in.

Now imagine just how quickly these cybercriminals can get into multiple networks of small businesses — especially since these smaller companies typically lack IT staff monitoring their network activity. Easy targets, right?

Do you ever hear about the small restaurant down the street that got breached? Not really, but just because it isn’t front page-worthy news does not mean that small businesses aren’t being compromised as well.

The sad truth is a breach will hurt a small business and its reputation. According to First Data Market Insight, $36,000 is the average cost of a data breach for small businesses. Could you imagine the effects on your profits? What about your customers? You may not make it in the news, but your customers will find out. On top of the costs of a data breach, your regular customers may stop shopping or dining at your store or restaurant. In fact, 31 percent of customers have terminated their relationship with a business after being breached.

Be sure to take the following measures to prevent a data breach at your small business:

1. Maintain a strong firewall — the PCI data security standards prescribe firewalls for compliance. A managed firewall is the first and most important line of defense for your network.
2. Conduct regular scans of your network — the best way to determine if your systems have been compromised is to scan them regularly for vulnerabilities. For relatively low annual fees, a security vendor will remotely scan all of your external systems’ access points to determine if any are vulnerable to intrusion.
3. Limit remote access — many restaurants and retailers leave their firewalls open to outside entry by managers working remotely or vendors who routinely perform maintenance on systems. Create strong passwords instead of using the default codes, and change them often. Similarly, always change default firewall settings to allow only essential access, and limit remote access to secure methods such as VPN.
4. Ensure all credit card data is encrypted — if you have older POS equipment that sends raw credit card data to a back-office server, it may be time to upgrade. Modern, secure POS systems encrypt credit card data as soon as a card is swiped, and they immediately send that data to the payment processor without temporarily storing data. Double-check your POS system to make sure it complies with PCI standards.
5. Segment your network — for example, make sure your POS data traffic is separate from your Wi-Fi, security cameras, digital menu boards and other connections. If you want to enable managers to connect to the POS via Wi-Fi, connect them through a virtual LAN that separates authorized traffic into a security zone.

Does this sound like adding a lot more duties on your plate? Luckily, you can always outsource these duties to a specialized team whose main job is all of the above and more. The cost of a data breach will always be higher than the cost of protecting your data in the first place. Managed service providers will take care of security, so you can take care of your business and customers.