Rockford, IL—Today, large companies spend millions of dollars acquiring sophisticated cybersecurity programs and invest great amounts of money to keep customers information safe, such as credit cards, customers' personal information, profiles, and a lot of other forms of marketing data that is obtained from customers. Large store chains and other larger businesses are spending the money and as we know, they are not free from troubles when it comes to "security breaches."
On the other hand, a concern that does not come up often is what happens with the small business, the small mom-and-pop, and other smaller businesses where most of us shop and consume services everyday. On this article, the focus will be on cybersecurity risks small businesses face today and offer some ideas to solve their cybersecurity risks with little cost to the operation.
Perhaps a myth that we may address right away is that small businesses are different than a big business.
The myth is absolutely incorrect. Just like the big business, the small business is dealing with the same kind of critical information when dealing with customers from financial to personal information that could be compromised.
On an article by USA Today, on July 4, 2011, titled "New cyberattacks target small businesses," the article goes into some disturbing facts. They talk about malicious codes injected into 20,000 to 30,000 sites that small businesses rely to conduct their businesses. The code then steals the small business information when the software is accessed. Therefore, the small business is vulnerable just like the big businesses by attacks by sophisticated criminals.
On the same article, it notes that Google Chrome, Firefox and Apple's Safari browsers block access to 700,000 sites that are currently blacklisted on a daily basis. So the small business may be relying too much on the browser to protect them or on the advice of someone without the training to keep the criminals out of their business and out of their customer personal information. Which leads to a question…
How safe are the small shops and small business when it comes to cybersecurity?
A perfect answer to this question may be hard to be found. A fact is that everyday most of us will be doing business with small store, small business, and someone perhaps not interested spending money in cybersecurity, even paying for an anti-virus software, as we have found in many small businesses, after their financial information was compromised.
While simple firewalls, passwords for wireless networks, anti-virus, and security measures are able to ensure that nobody gets into their networks and steals their information and their customers' information, these minimum steps must be taken by the small business at the very minimum. However, it is not something that widely practiced by small businesses because of costs or perhaps because they believe that too small to become a target.
The truth is that solutions may not be that expensive but the small business may need to hire an internet security consultant to help out and assess the vulnerabilities. The bottom line is that the small business many times relies on cybersecurity from self-learned or teens in the household, while exposing their customers to risks of financial fraud or in some cases identity theft. Of course they are also at risk as many times their financial information is compromised.
With this in mind…
Should one be concerned with this risk or simply rely on the credit card protections in place in case someone takes your credit card and goes out on a shopping spree?
Again, there is no perfect answer, but many people who have been victims of financial fraud because their credit card was stolen, can tell us many horror stories because their only credit card or ATM card suddenly stops working, while they are out on a trip and now they have no money, while the bank investigates.
It is impossible to assess how many small businesses are actually taking the necessary steps to safe-guard the personal information from customers and clients. The statistics vary but what makes headlines are the security breaches to large companies and not the small business.
However, people who have become victims have a lot of stories to share with these small business owners trying to cut costs and not take some minimum steps to secure their information. The stories are taken by local police departments all over the United States from people like you and I, whom all of the sudden face a battle like no other and their credit histories have become compromised because someone out there decided not to secure their information.
The Department of Homeland Security (DHS) on their website devote a section titled "Cybersecurity is everyone's business" and educates small businesses to protect against security risks. The same section states that the most majority of nation's cyber infrastructure is on the private hands of small to mid-size businesses. The same businesses of course are the ones who are more vulnerable to criminal attacks according to the DHS's website.
While it is hard to determine how secure is the information you are transacting on a daily basis, one thing is sure, if the business is not using even the most basic forms of cybersecurity, your personal information may be available for anyone with some skills to get into the network and steal it.
A recommendation from the CEO of Innovatech, Miguel Granados is that people should never trust establishments with their credit cards. He adds "Our culture is about paying with plastic, which means we are at the mercy of crooks who will not hesitate to steal your money or financial data. In this technology era, no one is safe and businesses should keep their security software up to date as well as keep their staff trained. As an example: Some of our clients have found electronic strips inserted inside the ATM or credit card readers and when you slide your credit card in the skimming device reads it first, and then the actual card reader with the pin number by using cameras in certain locations. The victim does not notice anything different because in most cases the transaction proceeds as expected. But now a crook has an exact copy of your card data without your even realizing it."
Mr. Granados states that if you don't feel comfortable paying with your Credit Card you should use cash. Additionally if you have no cash, use Credit and not the Debit option, when the paying options are offered at the point of purchase. Even when the money is coming out of the same account, using the ATM is giving the criminal now access to your pin. Also hand to the cashier your credit card or ATM card so he or she can swipe it on the terminal on their side and not on the keypad that everyone uses, as these keypads are the ones that become compromised more easily.
Training employees against security breaches, reporting any suspicious activity, like anyone tampering with their ATM or electronic cashier's machines are steps that can be taken but many small to large companies. It is highly recommended that the small business hire an Internet Cybersecurity Consultant who would come out periodically to evaluate and enforce security protocols.
With that in mind, small businesses could do the following to prevent becoming conduits to criminal acts against their customers:
- Provide staff training on how someone could temper with their ATM and Credit Card equipment.
- Assign an employee or manager to do inspections on a daily basis or weekly basis to minimize the risks of all the terminals. Installing an additional card reader strip or even a mobile camera can take minutes and could go undetected for months. As some of the larger store chains have found out.
- Verify the equipment obtains any additional software and hardware updates. Don't neglect obtaining an update just because the next one will come out in a few months. Stay on top of these updates.
- Video surveillance and cameras positioned on the right places can also deter criminals from tempering on your equipment. And as crimes take a while to be reported, obtain extra hard drive space to store 3 to 6 months of video. Many businesses use small storage hard drives and when evidence is needed is not found because the cameras only record for 10 days or two weeks at the time. Memory and equipment to store is not that expensive anymore.
- Always have an up to date antivirus and antispam software (kaspersky internet security, ESET antivirus just to name some).
- Never give anyone outside your business the wireless password to access your network, even if the person is someone you are doing business with, except of course your IT consultant.
- As a small business, consider that you are taking in your customers’ information that could cause significant damage to their credit if it is compromised. This is the same information a large Fortune 500 business is taking from their customers.
- Hire a cybersecurity professional. The money spent is well worth for prevention. After the business is a victim a of security breach, the costs could be a lot more expensive. Litigation is beginning to show up in several states and mainly because businesses are found to be breaching their duty of care.
- A small business should get a cybersecurity assessment about their computers and cyber operations at least once a year. Do not rely on your credit card provider. Costs could be from $300 to thousands depending on the number of stores the business has or the complexity of the operation.
- Do not rely on your children for IT support. IT consultants are trained to provide you a complete service. You do not have to implement everything all at once. Things can be implemented in steps and make it more affordable with the right advice.
- While you see yourself as a small business, you may actually have the need to hire an IT person to handle your IT needs. Let the cybersecurity consultant offer you options. Keep in mind that private companies and the public sector are hiring embedded IT consultants who can tap into teams of IT professionals when questions become more complicated. If you have one employee in the IT area, make sure continuing education is secured or you may as well just hire your children.
- As a small business you should always shop around for IT and Cybersecurity solutions but not always go for price. Ask for references and keep in mind that happy customers are always the best references with businesses similar to yours.
While addressing the small business cybersecurity needs and risks today, there is definitely plenty of training and opportunities on government websites that offer good and sound advice. Implementing anything offered on the web may be what takes the small business into a secure environment.
The small business must be committed to the idea of securing their business operation and doing it effectively. And finally, implementing technology should always be considered as an investment for high productivity, reliability, efficiency and most important: profitability!