Nearly every online news source has a handful of articles that discuss impending cyber attacks: 2013 is the year for smartphone attacks, a major attack is looming over the banking industry, cyberwarfare could take out the entire British military, cyber terrorism could send the economy crashing. Sure, the media build up the hype to create a reaction, but there is still a lot of truth behind what the news is telling us.
For e-commerce business owners, it is of utmost importance that you do all you can to protect your customers’ credit card data and keep it out of attackers’ hands. Perhaps you are thinking that you operate a small business and cyber attacks will not affect you. Think again. Most attacks on small merchants are not aimed at anyone in particular: automated scanners look for any reachable server with an unpatched shopping cart, a default password or an exposed admin login, and they do not care how big the shop behind it is. A small business that assumes it is not a target is exactly the one that leaves those doors open, and then BOOM!
Well, the joke is on them. You are a smart small business owner and you value the trust of your customers. You will continue to process credit cards safely and securely without having your systems infiltrated. To help you prepare for a possible cyber attack, Instabill has provided tips to help you protect your customers’ credit card information from hackers and other cyber threats.
PCI Compliance: The first thing you need to do when protecting your business and your customers’ credit card information against cyber attacks is to meet and maintain the Payment Card Industry Data Security Standard (PCI DSS). Meeting the PCI DSS requirements helps protect your business from intrusions, and it is mandatory for any organization that stores, processes, or transmits cardholder data. How much work this takes depends on how much card data actually touches your systems: a merchant that sends customers to a hosted payment page, or whose gateway replaces the card number with a token, keeps card data off its own servers and has far less to secure (and a much shorter self-assessment questionnaire) than one that stores card numbers in its own database. Visit Instabill’s educational website MerchantAccounts-101.com and read our PCI Compliance Checklist for E-Commerce Merchants for more information.
Trustworthy Vendors: If you sell goods online, make sure that you only work with vendors that you trust. Research the vendor online before doing business with them and make sure their company maintains a level of security that satisfies your own requirements. Be sure to avoid wholesale supplier scams that could sell your business information to criminals, and check your contract for a security clause that spells out the vendor’s responsibilities in case of a breach or cyber attack, including how quickly they must notify you.
Secure Paper Documents: You operate an online business, but you still handle paper documents that carry confidential information. Instabill suggests that you lock up any paper documents that contain private business details or customers’ credit card data in filing cabinets, restrict access to them, and only allow personnel who need them to view them. Better still, avoid writing down full card numbers at all: PCI DSS forbids keeping the card verification code (CVV/CVC) in any form once a transaction has been authorized, and a card number you never record cannot be stolen from a filing cabinet. When you no longer need these documents, shred them and dispose of them appropriately.
Properly Train Employees: When you hire new employees or roll out a new application in the workplace, train your employees properly. Create training manuals and hold training courses if necessary. Your goal is to make sure everyone who works for your company knows how to do their job correctly without opening the door to a security breach, which for most staff means knowing how to spot a phishing email, what to do with a suspicious attachment, and who to tell when something looks wrong. Instabill also suggests that you create a company confidentiality agreement and security policy and have all employees sign it upon hire.
Create a Disaster Recovery Plan: One of the worst things you can do as a business owner is to NOT know what to do when a disaster occurs. Have a systems administrator or IT professional at your company create a disaster recovery plan. Cover physical disasters (e.g. power outages, tornados, fires) as well as cyber attacks. For a suspected card-data breach, the plan should name who to contact and in what order (your acquiring bank, the card companies, affected customers, the appropriate authorities), and it should tell staff to preserve the affected systems and their logs rather than wiping and rebuilding them immediately, because your acquirer will normally require a forensic investigation of what was taken.
Most importantly, make sure you back up your disaster recovery plan file and store it in multiple locations. When Instabill created its disaster recovery plan, which took several days to perfect, we accidentally deleted the file before backing it up in another location. Luckily, our systems administrator had printed a copy to review before we lost the file. Then we had to recover the disaster recovery plan!
Perform Employee Background Checks: When hiring new employees, take the appropriate precautions to ensure your candidates are trustworthy. Search for their names online, call all of their references, and ask appropriate questions. Most importantly, pay a professional service to run a background check that will disclose information you cannot find so easily online or through a reference call. Insiders with legitimate access are behind a meaningful share of card-data breaches, so give each employee only the access their job requires, remove it the day they leave, and you will be glad you took the extra time to hire responsibly.
Block Non-Work-Related Websites: Another common starting point for a breach is an employee using non-work-related websites, personal email accounts, Facebook or Twitter on a work computer. One bad link or one phishing attachment can install malware that steals passwords or gives an attacker a foothold on a machine that also handles orders and card data. Have a systems administrator block categories of websites that have no business use, keep the computers that touch card data separate from general web browsing and email wherever you can, and have your employees sign a policy agreeing not to use work computers for personal business.
Create Strong Passwords: Last March, we wrote a blog post about how to write strong, unique passwords. This practice is even more important today than it was nearly one year ago. Attackers run automated cracking tools that try billions of guesses per second, starting with dictionary words, common passwords and short mixes of letters, numbers and symbols. What defeats them is length and randomness, not symbols as such: a passphrase of four unrelated words picked at random from a large word list is long enough to resist guessing and far easier to remember than eight random characters. Use a different password for every account, above all the ones that reach your payment gateway, your web server and your email, so that one leaked password cannot open all of them.
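To put numbers on the "four unrelated words" advice, here is an added example (not code from the original post or from Instabill) that generates a passphrase with the operating system's secure random source and compares the search space of several password policies. The word list is a constructed stand-in for a published list of several thousand words; the size of the list is what the entropy figures depend on, and the guess rate used for the timing estimate is an assumption.

```python
"""Passphrase strength: why four random words beat eight random characters.

Added example, not from the original post. SAMPLE_WORDS is a constructed
stand-in for a real list (the EFF long list has 7776 entries); the entropy
figures are driven by the size of the list the words are drawn from.
"""
import math
import secrets

# Constructed sample list: far too small for real use, enough to show the
# mechanics. A real deployment loads a published list of 7000+ words.
SAMPLE_WORDS = [
    "anchor", "basket", "cactus", "dolphin", "ember", "falcon", "garnet",
    "harbor", "iguana", "jigsaw", "kettle", "lantern", "meadow", "nickel",
    "orchid", "pepper",
]

SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(choices: int, length: int) -> float:
    """Entropy in bits of a secret built from `length` independent picks
    among `choices` equally likely options: log2 of the search space."""
    if choices < 2 or length < 1:
        raise ValueError("need at least two choices and one symbol")
    return length * math.log2(choices)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every possibility at the given rate; on average the
    real secret turns up after about half of that."""
    return (2.0 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(words, count: int = 4, separator: str = "-") -> str:
    """Pick `count` words uniformly at random with the OS CSPRNG.
    random.choice() would be a bug here: its output is predictable."""
    if count < 1:
        raise ValueError("count must be positive")
    return separator.join(secrets.choice(words) for _ in range(count))


def compare_policies(guesses_per_second: float = 1e10) -> dict:
    """Entropy and exhaustive-search time for several policies at an
    assumed offline cracking rate (1e10/s, a modest GPU rig against a
    fast hash; the figure is an assumption, not a measurement)."""
    policies = {
        "8 lowercase letters": (26, 8),
        "8 random chars, full keyboard (94)": (94, 8),
        "4 words from 16-word list": (len(SAMPLE_WORDS), 4),
        "4 words from 7776-word list": (7776, 4),
        "6 words from 7776-word list": (7776, 6),
    }
    result = {}
    for name, (choices, length) in policies.items():
        bits = entropy_bits(choices, length)
        result[name] = {"bits": round(bits, 1),
                        "years": years_to_exhaust(bits, guesses_per_second)}
    return result


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    for name, r in compare_policies().items():
        print(f"{name:38s} {r['bits']:6.1f} bits  {r['years']:.3g} years")
```

Two things the table makes visible: four words from a 7776-word list (about 51.7 bits) are roughly equivalent to eight random characters from the whole keyboard (about 52.4 bits), and adding two more words takes the same attacker from days to hundreds of thousands of years, while four words from a tiny list are cracked instantly. The timing assumes the attacker already holds a copy of the password hash; a login form that rate-limits attempts is several orders of magnitude slower to attack.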
Anti-Intrusion Software: We know that using intrusion-prevention software is part of PCI DSS, but it is so important that we need to mention it again. From firewalls to malware and virus protection, these tools help you detect and block infections that can lead to a breach. Two things matter more than the brand you pick: the software must be kept up to date (an antivirus with month-old signatures and a firewall whose rules nobody reviews add little), and someone must actually read what it reports. PCI DSS also requires you to log access to the systems that handle card data and to review those logs, which is how most intrusions are eventually noticed. Talk with your system administrator or IT department to make sure your software is up to date and running properly, or consult a third-party service for assistance.
SSL Certificates: Again, we know that encrypting traffic to your website is part of PCI DSS for e-commerce business owners, but Instabill reinforces the use of data encryption technology. Our payment gateway is PCI compliant and we protect all of your transactions with TLS encryption, the protocol that succeeded SSL (the certificates are still commonly sold as "SSL certificates"). As an e-commerce business owner, you need to do your share of protecting your customers’ credit card data by installing a certificate on your server and serving the whole checkout, not just the payment form, over HTTPS. The certificate alone is not enough: configure the server to accept only current TLS versions, because SSL 3.0 and early TLS 1.0 have known weaknesses and are no longer acceptable under PCI DSS, and put a reminder in place to renew the certificate well before it expires, since an expired certificate turns every customer away with a browser warning. Done properly, this both adds protection and helps build trust with your online customers.
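A merchant can verify those three points (current protocol only, certificate not expired or about to expire, certificate issued for the right hostname) with a short script. The following is an added example, not code from the original post or from Instabill’s gateway: it builds a client context that refuses SSL 3.0, TLS 1.0 and TLS 1.1, audits a certificate in the dictionary form that Python’s `ssl.getpeercert()` returns, and includes a live probe you can point at your own shop. `SAMPLE_CERT` and the `shop.example` hostnames are constructed test data, not a real certificate.

```python
"""Is the certificate on your server actually protecting the checkout?

Added example, not code from the original post or Instabill's gateway.
SAMPLE_CERT and the shop.example hostnames are constructed test data.
"""
import socket
import ssl
import time
from typing import Dict, List, Optional

DAY = 86400


def hardened_client_context() -> ssl.SSLContext:
    """Verify the chain and hostname, and refuse SSL 3.0, TLS 1.0 and 1.1."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def cert_names(cert: Dict) -> List[str]:
    """DNS names the certificate covers (SAN entries; CN only as a fallback)."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return names


def hostname_matches(cert: Dict, hostname: str) -> bool:
    """Case-insensitive match; a '*.' wildcard covers exactly one label."""
    host = hostname.lower().rstrip(".")
    for name in cert_names(cert):
        name = name.lower()
        if name.startswith("*."):
            if host.endswith(name[1:]) and host.count(".") == name.count("."):
                return True
        elif name == host:
            return True
    return False


def audit_peer_cert(cert: Dict, hostname: str, now: Optional[float] = None,
                    warn_days: int = 30) -> List[str]:
    """Problems with a getpeercert()-style dict; an empty list means OK."""
    now = time.time() if now is None else now
    problems = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (not_after - now) / DAY
    if now < not_before:
        problems.append("certificate not yet valid")
    if days_left < 0:
        problems.append(f"certificate expired {-days_left:.0f} days ago")
    elif days_left < warn_days:
        problems.append(f"certificate expires in {days_left:.0f} days; renew now")
    if not hostname_matches(cert, hostname):
        problems.append(f"hostname mismatch: {hostname!r} not in {cert_names(cert)}")
    return problems


def probe(hostname: str, port: int = 443, timeout: float = 5.0) -> Dict:
    """Live check of your own server (needs network; not used offline).
    A handshake failure means the server only offers versions we reject."""
    ctx = hardened_client_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    "problems": audit_peer_cert(tls.getpeercert(), hostname)}


# Constructed certificate data in getpeercert() form (not a real cert).
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}


def offline_checks() -> Dict[str, List[str]]:
    """Run the audit at fixed moments so results do not depend on today's date."""
    issued = ssl.cert_time_to_seconds(SAMPLE_CERT["notBefore"])
    expiry = ssl.cert_time_to_seconds(SAMPLE_CERT["notAfter"])
    return {
        "mid-life": audit_peer_cert(SAMPLE_CERT, "www.shop.example", issued + 200 * DAY),
        "expiring soon": audit_peer_cert(SAMPLE_CERT, "shop.example", expiry - 10 * DAY),
        "expired": audit_peer_cert(SAMPLE_CERT, "shop.example", expiry + 5 * DAY),
        "wrong host": audit_peer_cert(SAMPLE_CERT, "evil.example", issued + 200 * DAY),
    }


if __name__ == "__main__":
    for label, problems in offline_checks().items():
        print(f"{label:14s} {problems or 'OK'}")
    # print(probe("www.your-shop.example"))  # point at your own server
```

Run `probe()` against your own domain from outside your network: if the handshake fails, the server is still offering only SSL or early TLS and needs its configuration updated, and if `problems` is non-empty the certificate itself needs attention. Scheduling this check weekly is a cheap way to catch an expiring certificate before your customers do.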
For more help protecting your website and your customers’ credit card data from cyber attacks, contact our tech team online or call 1-800-318-2713 today. Instabill can help you obtain an SSL certificate for your website as well as provide a discounted PCI compliance program from McAfee.