Known as the biggest retail hack in U.S. history, the malware installed in Target’s security and payments system was designed to steal data from every credit card used at nearly 1,800 Target stores. Whenever a credit card was swiped at Target during the months surrounding Thanksgiving of 2013, a hacker-operated server would store the card number. The attack netted about 110 million customer records. One month later, Neiman Marcus followed in Target’s footsteps. According to USA Today, the high-end department store reported an average of 26,829 stolen customer records for each of its 41 U.S. locations.
Lately, we’ve heard a lot about security breaches at these large corporations. Although rarely covered by the media, cyber-attacks hit the SMB market even harder. It is crucially important to understand how to protect personal information from hackers. Knowing the latest and most effective strategies in cyber security can save any business, large or small. The following information is derived from a Federal Communications Commission (FCC) report detailing cyber security advice for small business. Take these precautions to avoid falling into a hacker’s trap.
The Huffington Post reports that among the mistakes that, had they been avoided, could have prevented the hack attack, Target gave network access to a third-party vendor that did not follow accepted information security practices. The first step in protecting your business is acknowledging security principles business-wide. Establish basic security practices and policies for employees, business partners and third-party specialists to eliminate any loopholes in security. Require strong passwords, establish rules of behavior and detail penalties for violating company cybersecurity policies. Be sure everyone involved with your company knows how to handle and protect customer information.
This includes mobile devices, computers and system networks. Target failed to isolate its most sensitive network assets, which enabled the hackers to move from less sensitive areas to where Target stored consumer information. Keep every machine that touches company systems clean by installing the latest security software and using a secure web browser to defend against viruses, malware and other online threats. Stay updated and set automatic scans, especially on mobile devices. Laptops, smartphones and tablets create significant security challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data and install security apps. Don’t forget to regularly back up all of your company information on all computers. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud.
Nowadays, if you do not have a personal log-in password for your desktop computer, laptop and mobile device, you must be living under a rock. Not only are these devices frequently lost, but they are also a major target for theft. To prevent unauthorized access to company information, make sure a separate user account is created for each employee and require strong passwords. Take it a step further and have employees change passwords on a monthly basis. It is also important to keep administrative privileges to a minimum; full database access should only be given to key personnel, and sparingly at that! Employees should have access only to the specific data systems that they need for their jobs. Consider implementing multi-factor authentication, which requires additional information beyond a password to gain entry. If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted and hidden. Using a firewall will help prevent unwanted access to your private network. Make sure the operating system’s firewall is enabled and, if employees work from home, ensure that their home systems are also protected.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure all companies that process, store or transmit credit card information maintain a secure environment. Using a third-party processor does not exempt a company from PCI compliance, and penalties for noncompliance can be catastrophic to a small business, with fines reaching up towards $100,000. Protecting cardholder data isn’t limited to the card number; it also covers personally identifiable data, including a customer’s name, address and social security number. Card processors can help your business with the most trusted and validated tools in anti-fraud services.
Consumers put their full trust into your business when making credit card purchases. If expectations in security are not met, they won’t return. Keeping information safe is critically important in order to avoid massive disasters from hackers or even flood or fire. Keep customers loyal to your business by making them feel secure.
Document management systems allow network administrators to strengthen security and eliminate vulnerabilities in a company’s information database. With a built-in granular security model, the award-winning document management solution from Square 9 provides feature-level security from the full database to specific archives and documents. It supports single sign-on through Active Directory integration, and users working outside of the network authenticate through an IIS security prompt.