[BreachExchange] 8 Ways to Prevent a Security or Data Breach
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Mar 14 19:07:29 EDT 2017
https://www.business.com/articles/kristen-gramigna-ways-to-prevent-security-data-breach/
You may not think your small business is large enough to attract the
attention of virtual thieves and cybercriminals, but any business that
processes customer payment information is a potential victim of a security
or data breach.
Here are some security tips all small businesses should heed and implement
to protect their customers and business:

Address the basic security risks you can easily manage

Most credit and debit cards issued to cardholders in the United States now
include an EMV chip on the card’s front and a magnetic strip on the back
for choice in payment processing. EMV technology conceals sensitive account
information during transaction processing with technology such as
encryption and tokenization to render data meaningless for virtual thieves
who may succeed in intercepting it. If you haven’t invested in
point-of-sale terminals that are EMV-enabled, or you have but still allow
customers to choose if they want to swipe or insert their EMV chip, you’re
exposing your business and its customers to the risk of a breach.

Educate the employees who operate your point-of-sale terminals

Any employee who is involved in your payment processing should be aware of
how their actions could expose your business to potential risk — or help
prevent it. For example, a customer’s credit card number should never be
sent over unsecured email; mobile payments should be processed only when
the device is connected to a private, password-protected Internet
connection.

Rely on payment partners who can keep you protected

The Payment Card Industry security standards outline the payment security
best practices a business should follow based on the number of credit card
or debit card transactions processed over the course of a 12-month period.
While you are responsible for adhering to the security protocols outlined
for your business, partnering with a payment processor that guarantees PCI
compliance can improve the security of every customer transaction and,
ultimately, protect your business from unnecessary risk.

Manage your risk based on the big picture

Customer payment data is one major security concern any business that
accepts customer credit and debit cards should actively protect, but the
many other systems you use to facilitate and store your business’s data —
including email and cloud-based servers — can also provide easy entryways
for virtual thieves if they’re not properly secured, protected and
monitored for potential vulnerabilities.

Back up files in more than one place

There are many low-cost cloud storage providers that meet the needs of a
small business. But if you don’t understand all the details of your cloud
provider’s service agreement — including how the cloud provider protects
the data you trust it to manage, who is authorized to access it, and what
happens to your data if you end the agreement — you’re putting your
business at risk. Be selective about the cloud providers you consider,
based on more factors than just price. Read service agreements carefully so
that you understand what they entail and why; ask questions about who will
handle your data or have access to it.
Even when you do find a cloud provider you’re comfortable with, back up the
data you store in the cloud on a hard drive or USB drive as an additional
security measure. Ideally, you’ll also store it at a location separate from
your physical business, just in case of a major disaster. This ensures you
are not at the mercy of your cloud provider’s security, which could also be
compromised, and can protect you against ransomware. Consider it another
line of defense, in addition to your other security protocols.

Be vigilant about the access you authorize

You hire employees, vendors and third-party suppliers — and all of them may
be given access to your sensitive business information to do their jobs.
Manage what they can access to the best of your ability. If you allow
employees to access business-related information on their phones or
tablets, for example, issue company devices that empower you to maintain
some level of control over the types of data employees can download and
access (and from what kinds of online networks) rather than hoping that
they’ll abide by a BYOD policy that allows personal devices to be used for
business.

Develop controls for passwords

Multifactor authentication (MFA) can help you manage how far-reaching any
cybercrime is able to extend; don’t trust that employees will choose secure
passwords on their own. Adjust your security settings so that every
employee has to use MFA, and automate when passwords will expire and need
to be changed.

Pay for security that is outside of your expertise

It’s wise to want to manage costs when you run a small business, but the
average breach can cost a business more than $20,000. Not sure your
firewalls, networks or websites are secure from virtual thieves? Hire an IT
expert who can test your systems and advise you on what is needed — before
you’re a victim.
Securing your business’s sensitive data — along with the information it
handles on behalf of customers — is a necessary function of doing business
in our tech-based world. Educate yourself on the best practices to enhance
your security, and hire experts who can help you navigate what you don’t
know. You cannot prevent virtual thieves from targeting your business, but
you can control what they’re able to accomplish if they set their sights on
it.