By Cameron Camp of ESET
Hackers target retailers during the holiday shopping frenzy each year, so here are a few tips to avoid becoming a victimized business owner, and keep your customers safe this season. And no, you won’t need to get a big loan, this is all doable on a small business budget.
1. You’ve got a chip reader, right? If not, you’re not alone. In the small businesses I visit locally, a startling number of them don’t have the latest Point-of-Sale (POS) gear that reads the newer style payment cards with the chip in them (EMV). For scammers potentially targeting your business, this is a good indication of the overall condition of your “hackability.” If you haven’t gotten the card reader right, what else could be easy to attack? Hint: Lots. Also, many hacks start with the remote management software used in POS equipment, so make sure that’s locked down so the bad guys can’t get in. Think this is all too expensive? POS (and computer hardware in general) gear with modern improvements drop in cost as the production ramps up, so it may be cheaper than you think.
2. All firewalls are not created equal. One of the most common attack points these days is your broadband router. Still got the one from 10 years ago because it still works? Turns out your router does a lot more than just direct digital traffic from the Internet, your computers, printers and tablets, it also does a hefty amount of firewalling nasty things from creeping into your office. Got an infected computer? A good firewall will keep it confined so it won’t spread to others. And you don’t have to break the bank. Decent, mid-priced modern routers often have decent firewalls that have some of the latest threat detection built in, and you don’t have to spend millions; plan on more like a couple hundred.
3. What happens if you get hacked? You have a plan, right? Not to worry, most businesses don’t have a disaster recovery plan, or if they do it’s sitting on a dusty shelf and doesn’t include recovery steps for half of the newer equipment they’re now using. But something is better than nothing. Specifically, you should pay attention to what happens in the event of payment card theft. Whose fault is it? If you can prove that you took some basic security steps, your part of the bill could drop steeply. If, on the other hand, you didn’t do those basics, the costs could be staggering. You don’t have to be a security genius to do it either, just some common sense and a little bit of hardware/software and your techie friend’s phone number.
4. Have a techie friend. Preferably someone who knows the tech but can explain it to real people. This is often what’s missing in business. As an owner you understand that there are numerous areas that need protecting, but you’re probably the only one who sees the business unit as a whole. You need that same perspective when it comes to protecting your business digitally – someone who gets the big picture and can recommend what’s best for your specific situation, not some generic “panacea du jour” listed on a shiny brochure you picked up somewhere.
5. Update things — preferably automatically. If all of the digital gear in your business isn’t updating its defenses pseudo-automatically (or even fully automatically), you won’t have the latest defenses against the latest attacks. So unless you want to spend every night reading security mailing lists and applying patches, you have to automate. Your job is to a run a business, not run all the security bits needed to stay safe. So find software, firmware, and hardware that keeps up. This includes everything from your endpoint security (hopefully you also have that for mobile devices, they get hit these days too), on up to your physical security system on the doors and windows. Security changes fast, make sure your business does as well.
You can do all this for very little money, or you can go crazy — budget-wise. But in most cases, there’s no reason to get really big expensive equipment, you really don’t need it (unless your business scales quickly, but then you can hire an expert anyway). It’s easy to get sold the most expensive thing on the brochure, but don’t fall for it. Just a modest monetary expenditure, coupled with a smart techie, will have your business worlds ahead this holiday shopping seasons, protection-wise.
Cameron Camp is a researcher for global security provider ESET and has played a critical role in building the ESET North America Research Labs for researchers collaborating around the world to stop threats. Camp has been building critical technology infrastructures for decades, becoming an evangelist for security technologies in a rapidly evolving tech world. Camp is also an accredited speaker and frequently contributes instructional technology articles and blog entries.
The views, opinions and positions expressed within this guest post are those of the author alone and do not represent those of CBS Small Business Pulse or the CBS Corporation. The accuracy, completeness and validity of any statements made within this article are verified solely by the author.