Think your small business is too small for cyber criminals to want to target? Think again.
In a recently published study, the Ponemon Institute surveyed 1,045 individuals at small and medium-sized companies in the United States and the United Kingdom and found that 67 percent had been the target of a cyber attack. Among the same group, some 58 percent reported having a data breach at their company.
It’s bad enough being targeted but the heavy damage comes when the cyber criminals succeed. Ponemon reported that in the aftermath of these attacks, companies spent an average of $1.43 million recovering. This is in addition to the revenue lost due to the disruption of normal operations.
With that in mind, here are seven tips to help keep your small business technology — and especially your point of sale system — safe from criminals:
1. Train employees
The Ponemon Institute research made clear over and over again that negligent employees and contractors were the root cause in the vast majority of data breaches, phishing attacks and ransomware attacks. That’s a stark reminder that employees and contractors are on the front lines of cyber defense for your small business and should be trained appropriately. Tell employees that they should never click on links or open attachments in suspicious emails. In addition, they need to verify the origin of any suspicious email because email addresses and brand logos can be spoofed.
2. Inventory your technology systems
Now that you’ve got the employees and contractors trained and ready to deal with bad actors, you should next turn to your IT department (if you have one) and ask for a full inventory of the different ‘systems’ in place at your business and the potential risks for each one. For instance, if you have a website, is it being monitored for potential hacking? Similarly, where are your customer records being stored and what protections are in place for them?
3. Put barriers between networks
After you inventory your systems, it’s a good idea to understand how they are connected and whether the connections are necessary. In other words, if someone does manage to hack into your website, is the website network and server connected to your point of sale system? Sometimes, people connect them in order to have one seamless omni-channel shopping experience from the website to the physical store. In addition, employee records are sometimes kept in that same network and server. You may want to put additional protections, or barriers, between some of these areas to ensure that any thieves who break into your network can’t just have a run at the entire system. Instead, they will be able to access only one area unless they also have logins for another area. This may seem like an inconvenience for normal users but it may help limit the damage in the case of a data breach.
4. Protect login credentials
It may seem like a small thing but keeping your login credentials safe and secure is one of the best ways to limit damage if a thief gains access to your network, your mobile device or your laptop. But what do we mean by safe and secure? Logins and passwords should not be kept in human-readable text files in your network. Instead, you will want to keep them encrypted and stored someplace where you need a password to see the passwords. Some browser tools are available to provide just such a service. Alternatively, you can password protect a folder on your network where you can keep the encrypted passwords. One additional note: the passwords themselves should be sophisticated and not easily guessed. Mix in numbers, letters and special symbols to prevent brute force attacks.
5. Change your logins from time to time
In addition to protecting login credentials, it’s a good idea to change credentials from time to time. This prevents any old logins from being used by someone who happens upon them. It also helps keep former employees from being able to access a system they once had access to.
6. Back up your data
Backing up data is a good idea on several levels. From a security standpoint, it’s a good idea to have everything backed up just in case your business does experience a data breach or ransomware attack. You’ll have everything available in case you need to rebuild the system from scratch (heaven forbid).
7. Institute regular reviews of your system
Last, it’s good practice to review your system regularly. It can be once a year or maybe as often as once a month. Check that there’s nothing out of the ordinary, that there have been no suspicious logins to your website or other networks, that there are no missing or extra files on your servers and that, in general, everything looks good. After all, the thieves are counting on you not paying attention, so don’t make it easy for them.
Wondering how a point of sale system fits into the cyber security at your small business? Contact us today to find out.