The pandemic has upended almost everything about our lives, and it’s forced many small businesses to shift rapidly to online ordering, eCommerce, and pickup and delivery services. For many businesses, moving online has been a huge success story—and a lifeline.
But moving online has also introduced new threats that small businesses may not be aware of. A primarily in-person business can rely on its Clover devices to be more secure, and to help keep customer transactions secure. But doing business online introduces multiple new points of vulnerability.
If you’re used to doing business primarily as an in-person, brick-and-mortar operation, you may not be up to date on all the cyber threats that small businesses face. Unfortunately, while hacks and attacks on major brand-name corporations are much more likely to make headlines, cyber-attacks on small businesses are common, and can be devastating. As many as 43% of all cyber-attacks target small businesses, according to Verizon, and 71% of ransomware attacks, according to Beazley, an insurance company. The average breach costs $200,000, according to Accenture—a figure no small business could easily afford. Meanwhile, only 14% of small businesses are prepared to deal with a cyber-attack, according to Accenture.
The biggest cybersecurity threats to small businesses
The biggest single threat to the typical small business today, in the wake of the pandemic, is simply a rapid shift to eCommerce. Doing business online is convenient for customers, and customer demand for online options is certainly not going away. But the more your business moves online, the more vulnerabilities you introduce, and the more opportunities bad actors have to access your business information or your customer information.
Some of the major threats small businesses should be aware of are:
1. Malware. Malware is any type of malicious software that infects your system and steals valuable data. Malware can be spread through phishing attacks, in which someone who has access to your network is tricked into clicking on a malicious link or downloading infected software.
2. Ransomware. Ransomware is a specific type of malware that, when downloaded, encrypts your data. The hackers behind the attack can then demand ransom in order to decrypt your files—or to prevent them from publishing the sensitive data publicly.
3. Keylogging software. This is a type of malware that tracks everything you do on your computer, which means it can log passwords and give hackers access to sensitive accounts.
4. Card testing. When criminals get access to a batch of credit card numbers, they have to test those card numbers in order to figure out which ones will work and allow them to make purchases. They’ll target a website and make thousands of small purchases of $1 or less. Any cards that go through are “live,” and they can use them to make bigger purchases elsewhere until their fraud is detected. The trouble is, even if these transactions are small, they can quickly add up to thousands of dollars just in payment processing fees.
The best cybersecurity strategy for small businesses
First of all, of course, any small business must ensure its website, router, and online presence are fully up to date and protected. This means staying up to date with software updates and security patches—don’t put these off until you feel like you have time.
Employee training and education is also critical. If you’re a small business owner, you have to make sure you’re following best practices and being cautious with your online behavior. But any employee who has access to your accounts and data is another point of vulnerability—they also need to be educated on how to protect their identity and avoid falling for phishing attacks or other forms of malware.
Small businesses should keep a close eye on their social media accounts. Criminals could “spoof,” or copy, your online presence in an effort to get your customers to divulge sensitive information. Make sure your account logins are secure and that you’re regularly looking out for spoof accounts, especially on sites where you’re not active.
When it comes to card testing, one of the best ways to protect your business is to talk to your payment gateway provider (if you’re a Clover customer, that’s us) and make sure they’ve installed velocity controls on your eCommerce site. This basically means that the site won’t accept more than a certain number of transactions from the same IP address within a set amount of time. This puts an automatic stop on anyone who’s trying to run thousands of cards through your site quickly.
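To make the idea concrete, here is a small sketch of a per-IP velocity control, added as an illustration and not taken from Clover or any payment gateway. The class and function names, the limit of 5 attempts per 60 seconds, and the sample traffic are all assumptions made up for the example.

```python
from collections import defaultdict, deque


class VelocityControl:
    """Sliding-window limit on payment attempts per source IP (hypothetical names)."""

    def __init__(self, max_attempts=5, window_seconds=60):
        self.max_attempts = max_attempts      # assumed threshold, set by the gateway in practice
        self.window_seconds = window_seconds  # assumed window length
        self._attempts = defaultdict(deque)   # ip -> timestamps of recent accepted attempts

    def allow(self, ip, now):
        """Return True if this attempt may be passed on to the payment processor."""
        recent = self._attempts[ip]
        # Forget attempts that have aged out of the window.
        while recent and now - recent[0] >= self.window_seconds:
            recent.popleft()
        if len(recent) >= self.max_attempts:
            return False  # stopped before processing, so no processing fee is incurred
        recent.append(now)
        return True


def replay(events, control):
    """Run (timestamp, ip, amount) events through the control.

    Returns a dict of ip -> number of attempts that were blocked.
    """
    blocked = defaultdict(int)
    for ts, ip, _amount in events:
        if not control.allow(ip, ts):
            blocked[ip] += 1
    return dict(blocked)


# Constructed sample traffic: one address submits forty $1.00 attempts, one per
# second (the card-testing pattern), while a regular shopper buys twice,
# several minutes apart.
SAMPLE_EVENTS = sorted(
    [(t, "203.0.113.7", 1.00) for t in range(40)]
    + [(10, "198.51.100.20", 42.50), (400, "198.51.100.20", 18.00)]
)

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, VelocityControl()))
```
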
What’s more, small businesses should have a cybersecurity policy in place that includes a plan for what you’ll do if an attack does happen. If you’re hit with a cyber-attack, you’ll be overwhelmed and worried, to say the least. Having a clearly laid out response plan will help you keep your head.
A good response plan should include:
- making sure employees know to alert you as the small business owner of any breach or fraud immediately;
- notifying any card companies involved so you can protect your customers;
- notifying your customers and explaining what you’re doing to protect them;
- and doing an investigation to uncover the cause of the breach, so you can learn lessons and improve security going forward.
The idea that your business could be a target for malicious hackers may sound far-fetched, but attacks on small businesses are far more common than you might think. Better to spend a few minutes updating software and talking to key employees now than to be left scrambling to recover from an attack in the future.
If you’re interested in learning more about using effective security methods to help reduce your risk of a data breach, schedule a consultation with our merchant services team today.