Accepting credit cards is a way of life for many small businesses, and most owners don’t give a second thought to extra layers of data security. After all, what can a small mom-and-pop store have that would be attractive to hackers? Well, as it turns out, small businesses are big targets because they’re pretty easy to hack – and a valid credit card number is a treasure.

The Wall Street Journal a year ago chronicled the tale of a newsstand owner with two stores who was victimized. And even though he thought he was taking precautions to protect his customers’ data, cyber thieves planted a software program on the cash registers at his shops that sent customer credit-card numbers to Russia. At the time the story was written, he was out about $22,000 because the credit-card company said he didn’t do enough. They said his weak password for his cash-register software, pos, was easy for hackers to try.

But a weak password is only part of the problem for most small businesses. Too many small businesses store passwords to sensitive data in Outlook or other email clients, and the data can frequently be found easily hacked Excel spreadsheets. Even if you have antivirus and antimalware software, there are numerous ways that hackers can find their way into your system. For some, it’s like taking candy from a baby.

However, you can put up some protective fences around your data. The measures may cost a little more money than you’d like, but those costs are smaller than the liability you could face from a breach of your data.

• Get “business-grade” antivirus and antimalware software. We offer it for $4.25/mo/computer, and we set it up and monitor your threat activity. In addition, we assist you on any software changes you make to ensure that your virus and malware protection remain at your expected level of performance. Why is this important? You need to protect yourself against somebody installing a Trojan horse that can turn up years later. The newsstand owner’s system was compromised two years before anything happened. You can have the same protection that big corporations buy.
• Don’t keep user names and passwords in Outlook folders or Excel files. To be honest, they shouldn’t be on a computer. You should write them down on a piece of paper and store them under lock-and-key. Having your data compromised through an email backdoor is a growing problem. (See Lowdown on Hijacked Email, the next article in this newsletter issue.) If you get an email from your bank, credit-card processor or PayPal, don’t just click and reply. Hover over any link or email address and see where it’s really going. Better still, go to your provider’s website independently of the email or pick up the phone and call customer service.
• Use strong passwords. If I had a nickel for every a-b-c or 1-2-3 password I’ve seen, I’d be managing a large investment portfolio instead of IT systems. Make your passwords long or complex or both. Use uppercase and lowercase letters, numbers and special characters.
• Keep your Wi-Fi network secure. Networks are all over the place in commercial and residential areas. Just take out your smartphone and see how many networks are in your range. If your network is unprotected, anyone can sit in range unnoticed for as long as they need to find a pathway to your valuables

We would welcome the opportunity to provide a free risk-management assessment of your practices and systems. Call us at 973-433-6676 or send us an email and feel more secure.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.