Secure Your Security
Monday May 11, 2015
Identity theft, data breaches at “big box” retailers and “dumpster dive stories” on local TV newscasts have made headlines in recent years for the number of customers affected and the sensitive (valuable) data accessed. After the shock, apologies, litigation and promises that “changes are in place to prevent future occurrences” the concern fades away. The reality is that it doesn’t “go away” – it just shifts to other, less visible companies who have not prepared for these types of cyber and information security lapses.
So, is your business properly equipped to protect your customers’ financial information and sensitive employee data? The following are security-related issues companies should address proactively to protect themselves, their customers and their employees.
One of the biggest and most visible areas of concern for every consumer and retail-transaction business is credit/debit card fraud. However, help is on the way in the form of EMV payment cards. Some merchants are still not aware of the EMV card and reader technology developed by Europay, MasterCard, and Visa in 1994. An EMV payment card closely resembles a current credit/debit card, and is identified by an embedded chip, essentially a tiny computer. It’s harder to replicate a chip card than a magnetic-stripe card, as the chip creates a unique impression every time it is used. Chip cards are inserted or “dipped” into an EMV-compliant reader and left in place for the entire sale. The EMV reader and card talk back and forth during the processing of the sale. These new cards and terminals will replace “current” magnetic-stripe technology cards. There are costs for merchants/organizations to adopt the EMV standard, but in the long run this new card system will help protect both parties. This is not an optional system – merchants who do not meet the October 1 deadline face increased liability for fraud committed by customers using non-EMV-compliant cards at the time of purchase. The implementation is seen as a major deterrent to credit card fraud and the damaging effect it has on consumers and businesses.
Moving beyond securing purchases, a good cybersecurity practice is to regularly review what software programs your business uses to capture, store and process customer transactions, sensitive files and employee data. What does your network look like? How vulnerable are you to an internal/external data breach? What is your process for disposing of old computers and copiers? Is there a process in place for destroying sensitive electronic and hardcopy employee data or customer purchase history? It’s also a good practice to ask the companies and vendors you partner with what their cybersecurity protocols are – if they haven’t already asked you for yours. If your partners’ security levels don’t equal or exceed yours, that could leave you or your customers vulnerable. These are questions many businesses have not answered or, worse, have not considered.
After you determine what your hardware, software and network(s) are, monitor security settings and protection levels at regular intervals to ensure you are operating with the latest patches and updates in place, and replace outdated software. If you’re fluent in cybersecurity measures, or have an available expert to consult – great! If not, make sure you consult one to point out any deficiencies or, worse, any attempted or actual breaches of your network. When you have a problem or vulnerability, what is the path to solving it? This is not an area to skimp on, as the liability, recovery costs, damage to your reputation, and loss of employee productivity will far exceed the costs to install and maintain robust security levels.
After all your updates, protocols and measures are in place, make sure you control the “back shop.” Administrative access (to your network) should only be available to a limited number of trusted employees. At the very least there should be a review process to see who accessed what, and when, as an administrator. Set limits on who can download data and on the points from which they can access the network.
Cartridge World stores pride themselves on being “your local home and office printing experts,” but we can also suggest where to find secure shredding, or where to have your computer’s or copier’s hard drives “data wiped” to delete sensitive information.
So, if you think your business is too small or not well known enough to make it an attractive target for data hackers – you would be incorrect. Any business with ecommerce, financial transactions, competitive data, or sensitive personal data is attractive to data hackers. Just like businesses, hackers come in all (operational) sizes, and they all want the same thing – data – your data.