Tips to protect against, and recover from, a security or data breach
Tips: Protect against, and recover from, a security or data breach
Most small business owners—87%, according to a recent survey by Manta—don’t believe they’re at risk of experiencing a cyberattack. But they’re wrong. According to one survey, half of all small businesses in the U.S. have suffered a data breach in the past year. And the consequences of an attack can be catastrophic for a small business. Experts estimate that as many as half of all small businesses that suffer a breach go out of business in the next six months. To put these risks in perspective, flip a coin—your chance of getting heads is the same as your chance of suffering a cyberattack. Flip that coin again, and you’ve got your odds of going out of business as a result of such an attack.
Unfortunately, your small business may be an even more attractive target for hackers than a major corporation, because smaller businesses are less likely to have state-of-the-art security for their networks or up-to-the-minute security training for their employees. But now that you know the risks, what can you do to protect yourself and your customers?
Cyber-security best practices for small businesses
The first and most obvious place to start upgrading your cybersecurity is with your equipment. As of October 2015, merchants are required to be able to process EMV chip-based cards. If you still don’t have the necessary equipment, you’re liable for any fraudulent transactions made with chip-enabled cards. So if you still haven’t upgraded your POS system, this is a great place to start. All Clover POS systems, for example, are chip-compliant.
While you’re upgrading your technology, make sure that the providers you’re working with provide state-of-the-art security features to help guard your customers’ data. Understanding cybersecurity can get very technical, but there are a couple of key terms to look out for. End-to-end encryption is a system that masks all data from the moment it’s captured to the moment it reaches the payment processor, protecting customers’ credit card numbers, for example, from attacks during the time they’re being transmitted from your store to the bank that’s processing your payments. Tokenization is another key term to know—this means that instead of storing credit card numbers in your system, you’re storing randomly generated numbers that stand in for sensitive data, meaning there’s less risk for you in the event of a breach. Look for payment processing systems, like Clover’s, that provide these kinds of advanced protections.
The other key cybersecurity risk is human error. When you combine the many types of simple security mistakes individuals can make, like clicking on malicious links in phishing emails, or using unsecured mobile devices, a whole lot of data breaches can be traced back to human error. Make sure you and your employees understand cybersecurity best practices, and keep your training up to date as your systems change. Educating your staff will go a long way towards protecting your business.
How to recover if the worst does happen
First of all, don’t panic. It’s best to come up with a plan for how you would respond to a breach ahead of time, just like you would prepare for a fire or other emergency. That way, if you do get attacked, you have a plan in place and you aren’t trying to respond on the fly. Talk to the security experts who have helped you set up protections for your system to come up with a plan now—Clover’s customer support team is always available, for example.
Communicate with customers quickly and clearly. Don’t underplay the risk or exaggerate the skill of the hackers. Be honest and let customers know what they need to do to protect themselves in the wake of an attack. Make sure all your employees understand what happened and know what to say to customers who have questions.
If you can, offer some kind of compensation. Free products may be the easiest for you to organize, but helping customers with identity and credit monitoring will be even more appreciated, if you can manage it. If you can’t afford to connect customers to these services yourself, look for free resources you can direct them to. That way, when customers have questions about how to protect their data going forward, you have answers.
Surveys show that many customers do stick with businesses after a breach, but most do so because it’s too much hassle to switch. As a small retail operation, it’s a lot easier for your customers to simply buy their sandwiches or T-shirts somewhere else than it is for them to change banks or stop shopping at a major big-box retailer. That means you have to work even harder to make your customers feel supported and valued after a breach. Offer sincere apologies to everyone affected, do whatever you can to help customers feel secure, and focus on delivering top-notch customer service going forward. A data breach can be devastating, but it doesn’t have to be the end of your business.