Cybersecurity: How it Can Make or Break Your Company
November 29, 2018
When small to midsize business owners think about security, property-protecting equipment tends to come to mind. But, given the nature of today’s retail landscape, cybercrime should be as much of a concern as traditional burglary.
While data breaches affecting large corporations get the most press coverage, cybercrime is on the rise among smaller companies as well. In fact, 61 percent of data breaches in 2017 affected small businesses. Given that a single breach can have long-term repercussions that devastate a business, owners need to make cybersecurity a top priority.
What are the possible negative effects of a breach in security?
Cybercrime can be devastating because its effects are multifaceted. Let’s say your business is a pizza restaurant franchise with half a dozen locations. As per industry standards, your business processes orders in-store, over the phone and online. In order to streamline the ordering process, you maintain a database containing customer information, which includes credit card data.
Now, let’s say your company’s system is broken into by a group of hackers who are interested in the credit card information you keep on file. The most immediate consequence of the hack will be damage to your business’ digital infrastructure. The virus or other malicious program used to access your system can render your company’s software inoperable.
Similarly, the simple act of opening an infected email may lead to every computer terminal on the company’s network being locked down by destructive ransomware. And since contemporary businesses rely on computers for everything from point-of-sale checkout to inventory management to payroll, your company won’t be able to do business until any computer issues are fully resolved. Worst of all, depending on the severity of the breach, the recovery process could take hours, days or even months – making it impossible for you to run your business for an extended period of time after the breach.
In addition to repair and downtime costs, there’s also the issue of notifications. If your company does business in 48 of the 50 states, you are required by law to notify anyone whose personal information may have been exposed in the breach. As you can imagine, the response to a notification of this kind is negative. In fact, a third of consumers stop doing business with companies after a hack. Therefore, those notifications could completely destroy your company’s reputation.
Finally, your business may be liable for hundreds of thousands of dollars in fines from your company’s bank. Your company’s bank is adamant about protecting your customers’ financial information, so you will inevitably be required to pay fines for a breach in compliance.
Why cybersecurity is so important
Due to the triple hit of system repair, reputation damage and financial penalties, 60 percent of small businesses close six months after a data breach. However, by investing in a few robust cybersecurity solutions, owners can reduce their company’s risk of being hacked.
Because of the pervasiveness of cybercrime, the Federal Communications Commission (FCC) has established a resources page to help small and midsize businesses protect themselves. The FCC’s most important recommendation is that businesses establish best practices to bolster their cyber-defenses. These can include some of the following:
- Establish and maintain policies about the handling of all customer information and company data.
- Create and enforce policies about employee Internet browsing on company hardware, regular software updating, and the regular setting of new strong passwords.
- Create a data breach plan that involves strict procedures and a clear chain of command.
- Regularly hold meetings informing staff of new kinds of data breach threats and refresh everyone on the company’s cybersecurity policies.
- Back up critical information such as financial files, human resources data, payroll information and inventory data weekly, ideally to a cloud server.
- Partner with a payment card processor that is compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Why payment card security is the cornerstone of cybersecurity
While the best practices listed above are essentially common-sense security measures applied to the digital space, payment card security is a bit more complicated. To combat the worldwide issue of debit, credit and prepaid card fraud, the major card brand companies (Visa, MasterCard, American Express, etc.) established a series of standards to improve fraud security. These standards are called the Payment Card Industry Data Security Standard (PCI-DSS) and they deal with how best to accept, process, store and transmit payment card data.
Although there are no laws mandating businesses adhere to the PCI-DSS, the individual card brands assess fines to the financial institution that processes your payment card transactions if a data breach creates a compliance issue. Depending upon the card brand, these fines can total between $5,000 and $100,000 for every month an affected party remains out of compliance.
Furthermore, if the merchant affected isn’t PCI-compliant, but the financial institution is, banks will often shift liability for those fines to the merchant. Therefore, it’s clear that striving to be PCI-compliant should be the cornerstone of any company’s cybersecurity strategy.
How to address the problem of payment card security
For even the most tech-savvy organizations, payment card security can be a real challenge. If your company accepts payment cards in person, over the phone or online, the PCI-DSS mandates hundreds of different controls regarding the handling of customer data.
To relieve the pressure of meeting all those controls, it’s recommended that merchants partner with a PCI-compliant payment card processor. Ideally, small businesses should choose a card processor that utilizes cutting-edge cybersecurity methods — such as the tokenization of payments — to further minimize risk.
The benefit of tokenization is that, as soon as that sensitive payment card data is captured, it is replaced with an algorithmically generated unique number sequence called a token. Consequently, the customer’s data is protected from hackers as it isn’t stored in the merchant computer system (only the token data is). And token data cannot be reverse-engineered into payment card data.
Because JetPay utilizes tokenization, as well as robust encryption, to process card transactions, the PCI controls our partners need to abide by to stay in compliance drop from 335 to 35.
Adopting cybersecurity best practices and becoming PCI-compliant can be mission-critical to your company’s long-term success. Not only can those measures lower your business’s risk factor for experiencing a data breach, they can also mitigate the damage if one does occur. Finally, such measures also protect against payment card fraud, protecting your company’s bottom line by reducing chargebacks, reimbursements and legal claims.
It would benefit retailers in every field to partner with a secure processor, such as JetPay. Our affordable payment card processing services, in both the physical and online space, are both PCI-compliant and encrypted. As such, our clients can rest easy knowing that their customers’ data — and their own reputations — are being protected by some of the most sophisticated and most trusted cybersecurity technology currently available.
Contact us today to optimize your company’s payment card security.