Imagine going online to purchase a new pair of well-deserved shoes, only to find your credit card maxed after the purchase! This is the nightmare that many Target shoppers endured after making small purchases with the retail giant in the past few months. As we’ve seen from the aftermath of its data breach, the company is still suffering from damages and many of the customers have sworn off of the brand for good. To protect yourself from this unfortunate chain of events, here are a few ways to help you protect your customers and their data this year.
Assess Your Risks
The first thing you should do is to assess your risks. Businesses with a Continuity or Disaster Recovery Plan often use this step as a way to make sure they can easily recover in the event of an unforeseen event. To assess their risks, they inspect their Internet connectivity and access, access to sensitive data and storing methods of customer and business data. Test all of these areas to see what your potential risks may be.
Pay close attention to these key areas:
-internet and data access
-payment and customer data access/storage
-security policies for work computers
-web site security
-social media accounts security
Whether you’re a large corporation or small to medium sized business, collecting payments will put you at a significant risk of data loss. By assessing your risks before an event, you can successfully protect your customers and your business.
Ways to Protect Yourself
Keep your eyes peeled for any mentions of your business online. Large companies such as PayPal, Western Union and the United States Postal Service have all been victim to email scams. In these attacks, emails are sent to customers asking them to update information by clicking a link and signing in. When they do, the information is stored and used for cyber-criminal activities. By keeping your eyes and ears open for mentions of your business, you’ll be able to notify your customers the moment you notice an event like this. This keeps them from having their data stolen and it protects your brand’s reputation.
Lock Up Your Stored Data. Unfortunately, over 28 percent of businesses surveyed by Visa said that they store their customers’ bank account numbers or copies of their checks, and 24 percent said they store their customers Social Security numbers. This stored information is a dream come true for cyber thieves and a nightmare for consumers. Not to mention, storing it automatically puts a business at risk for data fraud both in house and over the web.
To make sure you’re at a lower risk of data theft, protect all of your stored data. To reinforce security, make sure you run all necessary updates and scans on a regular basis. This minimizes the risk of missing vital security patches. Visa suggests that companies encrypt or truncate their data.
Tighten Up Workplace Security. Many businesses forget to attend to their in-house security when securing their web data. The first thing you should do is make sure you have a policy that works against employee fraud. For implementation, businesses restrict access to certain data and program their databases to accept multiple. A singular password could easily spread throughout the office and it would be extremely hard to determine who accessed or siphoned data. By giving everyone their own personal passwords, you can easily keep track of who accessed your data and how long they were logged into it. This helps to pinpoint any on premise fraud.
Become Familiar with PCI DSS. PCI DSS also called Payment Card Industry Data Security Standards, is a set of guidelines that businesses must maintain to adequately secure payment details. If you aren’t familiar with them, Visa provides each step of the policy which are as follows:
-build and maintain a secure network
-protect card holder data by encrypting transmission of card holder data and protecting stored data
-run anti-virus & anti malware scans regularly
-restrict access to databases
-assign data access to a few key individuals
-restrict data access
-track and monitor any access to your network resources
-regularly test your security systems and processes and maintain a policy that addresses security
Keeping the sales flowing is the top goal for business, but keeping the customers happy is the top priority. As it seems, 2014 is D-day for businesses without a tight security protocol. Don’t fall victim to these preventable hack-attacks. Follow the above advice to secure your data today.
About the author: Anne blogs professionally for CBL Data Recovery and enjoys writing about information security, data recovery and data privacy issues.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.