At this time of the year, the air becomes crisp and holiday excitement starts brewing. For online retailers, visions of jingle dollars dance in their head as the holiday season represents up to 30% of annual sales. But when sales go up, so does the activity of cyber criminals.
For SMBs, cyber threats are magnified since they generally do not have the same level of security as larger retailers, feeling they can’t afford an IT solution. As larger retailers invest serious resources to foil major cyberattacks, cyber criminals have redirected their focus to the SMBs they believe will be more susceptible to their attacks. According to the Verizon 2019 Data Breach Investigations Report (DBIR), 43% of cyberattacks targeted small to medium businesses.
The average cost of these SMB cyberattacks was $188K. Suddenly spending a fraction of that on a data security solution seems like it would have been a pretty smart investment.
8 Easy Steps for Data Security
As you prepare for the holiday season shopping rush, here are some easy steps you can take to reduce your risk of exposure to a data breach:
1. Do not store card payment data in your network. If it’s absolutely necessary to store card payment data, reduce and minimize where you store it in your network.
2. Use strong passwords and change them periodically. Strong passwords consists of at least 8 characters with at least 1 number, 1 upper case letter, 1 lower case letter, and 1 symbol.
3. Keep software patches up to date. Update your software whenever a patch or update is made available. Check for updates at least once a week.
4. Use strong encryption. If you need to store card payment data or any other sensitive data, encrypt your data with a tool meeting strong encryption standards, such Advanced Encryption Standards.
5. Use secured remote access. If employees need to access your network remotely, use multi-factor authentication (MFA) where an additional identification factor is required in addition to username and password. Train employees not to use publicly available wifi networks.
6. Ensure firewalls are updated and configured appropriately. Hide your wifi network, block all unauthorized traffic into your network, conduct regular audits of your firewall configuration and access, and update your firewall software regularly.
7. Think before you click (phishing or social engineering emails). Train employees not to open emails or click on email links from sources they don’t recognize or trust. Make sure your browser is up to date and that you use anti-virus software.
8. Use a trusted partner. Make sure all your 3rd party service providers meet minimum data security compliance requirements.
Build a Long-term Data Security Strategy
When you get a break from fulfilling the holiday orders, it would be wise to consider a long-term solution for protecting your card payment data and any other sensitive data that you use for your business. Cyber attacks won’t go away when the holiday season is over. The attacks might plateau, but pick right back up for the next seasonal shopping event.
A data breach on an SMB has lasting impacts, such as damage to its brand & reputation, decreased sales, and lost customers. In fact, according to a Sitelock research, 42% of consumers are unlikely to ever return to an SMB online site if they experience a data breach. The longer you wait to implement a full data security solution, the longer you leave your business exposed to this risk.
As you are considering your options, you should identify your data security needs now and what they will be in the future. Once you complete this audit of needs, you should select a data security solution that meets your needs now and will grow with your business as it grows. Here are some things to think through as you consider your options and develop your strategy.
Data Security Solution Evaluation Considerations
-
Does the solution eliminate your need to store the sensitive data and keep you out of compliance scope?
-
Is the solution from a trustworthy vendor that meets data security compliance requirements such as PCI DSS?
-
Is the solution easy to integrate into your existing network?
-
Is the solution relatively easy to maintain and update?
-
Do you own your data?
-
Do you have easy access to your data so you can extract value from it and grow your business?
What if I told you that VGS has a solution that can address all the considerations listed above and more?
VGS eliminates the need for your SMB to hold sensitive data by decoupling and insulating customer systems and applications from sensitive data. Exciting for SMBs specifically:
-
Implement VGS in less than a week, with only a few lines of new code
-
Achieve PCI level 2 compliance in less than a week, and Level 1 as your business grows.
-
Take advantage of flexible pricing, with free or pay-as-you-go options to start that scale with your growth
To find out more about the VGS solution, click here.