Don’t be a Target!
Target credit card breach a drop in the ocean compared to small business data loss
By Ron Culler, CTO, Secure Designs Inc.
Retail giant Target had a rough holiday season in 2013. Payment details from up to 40 million credit cards used in Target stores were stolen, and the media had a field day reporting and analyzing this massive breach of their network.
While the Target breach is a massive, single event, it’s far smaller than the cumulative total of the millions and millions of records that are lost or stolen every day from hundreds of thousands of unsuspecting and unprepared small businesses.
People carry less cash and use far fewer checks than they do debit or credit cards, and almost every retail business, no matter how small, now wants and needs to handle electronic transactions. But with that comes a responsibility to protect customers’ personal and financial data. If your business benefits from credit and debit cards, you have no business not securing those transactions.
It may sound complicated, but there are some simple actions every small business can take to lay the foundations of security. What’s more, they don't have to cost much more than your monthly coffee budget. Just as you protect your office building with an alarm system and security services, protect your customers’ privacy with a managed firewall system. Here’s how:
Install a real, physical firewall between your computers or point of sale machines and the Internet. A simple router from the local big box store is not enough. You need a purpose-built firewall that employs advanced threat management services that can block known attack types and keep malware from getting in or out. These are surprisingly affordable – and cheaper than a data breach.
Make sure the firewall comes with an update subscription service so that it is constantly re-tuned to protect against new threats.
Call in experts to configure the firewall - internet security is complex and it’s their job to understand it - and monitor it 24 hours a day. Managed security services experts will do this for a small monthly fee.
Ask the network security experts to run a security audit to make sure you are doing all you should. Many security vulnerabilities are behavioral rather than technical (e.g. system passwords posted on a monitor or point of sale terminal, not logging off a system before going to lunch) and cost nothing but some staff training time to fix.
Lobby for more legislative help. Tell your Senators and Congressmen that it’s time to put National Data Breach and Privacy legislation in place. Small businesses as well as retail giants need a central, nationwide source to create and promulgate regulations and advice on what to do if a data breach happens – not the current piecemeal system of checking state by state to see if a law exists and, if it does, what the local laws are. If your customers buy from you but live in another state, you need to adhere to their laws as well as those in play in your own state.
Being the boss of your business means taking care of your customers’ invisible assets. You need to take ownership of security, just as you would health and safety, hygiene or other business essentials. That doesn’t mean you have to do it all yourself – call in the IT security experts and breathe easier at night, because your small business won’t be the one leaking customer information to the cybercriminals.