How to prepare for, and avoid, a credit card data breach
It’s every business’s nightmare: a hacker has cracked your security and made off with your customers’ credit card data and more. You’ve heard through news reports about major corporations that have had a credit card data breach. But it’s not just the big guys who get hit; smaller companies are targeted all the time. In fact, Vantiv research shows that 80% of attacks target small businesses. Nearly 60% of these businesses shutter their doors within six months of the breach.
But there is good news. According to the Online Trust Alliance 2016 Data Protection and Breach Readiness Guide, over 90% of breaches are preventable. You can take simple steps to avoid a big problem. It’s easier than you think.
Keep Technology Updated
Any time a security vulnerability is spotted, the vendor of the affected software rushes to get a patch together. Those endless Windows updates you get? Mostly closing security vulnerabilities. So quit putting off those updates. It’s the easiest way to secure data. The second easiest is to make sure your hardware and software are modern. Someone still running Windows XP to access data? That’s an easy mark for a hacker.
Limit Remote Access
One of the most overlooked causes of data breaches is remote access. Most contemporary desktop operating systems have some sort of remote access software built in. Your POS systems probably have it as well. And desktop sharing software, like GoToMeeting, TeamViewer, and Skype, is installed everywhere for legitimate business purposes. Misconfiguring these programs can leave your data wide open, a ripe prize for a cyber-thief. If you need to use them on sensitive machines, make sure they are tightly secured to keep snoopers out.
Watch for Real World Theft
Surprisingly, one of the more successful methods to steal sensitive data is through what’s called social engineering: calling up and pretending to be an employee, physically accessing unsecured machines, leaving malware-infected USB keys or discs around in hopes that someone loads them, phishing emails, and more. These are the con man’s tricks, and they work for breaching your data protection, too. Look out for unauthorized people wandering around sensitive areas, encourage employees to not open unfamiliar emails, and never give out login credentials over the phone.
Collect Only What You Need
You can minimize the impact of a breach by minimizing the data that you collect. For every field you have on a survey, application, or order form, ask yourself whether it has a necessary business purpose. And when you no longer need that data, delete it. A hacker can’t exploit or hold for ransom data that they don’t have.
Encrypt, Encrypt, Encrypt
You have to send sensitive data over network connections. That’s how credit cards and other payment systems work. But you can minimize the danger if someone intercepts that data by encrypting it. You can encrypt stored data, too. Encryption works by scrambling data using a public or private algorithm; the scrambled data can only be turned back into usable data using a private key. If you don’t have that private key, you can’t read the data. It’s as simple as that. You can eventually brute force a key - that is, use a computer to try every possible key - but it would take about a million years to try all combinations using current supercomputers. Hackers can’t use data if they can’t read it.
A credit card data breach can be devastating to your business. But it doesn’t have to be. A little forethought can save you a whole lot of suffering.