Security was a hot topic in 2016 (and 2015 and, to some extent, 2014), and it now seems that we see news of a data breach almost daily. Consumers are often more savvy (or at least more paranoid) when it comes to online purchases. Attacks on small businesses are increasing because hackers know these are the weakest links. Here are a few tips to make sure you aren't their next victim.
Payment Data is not Your Data
This probably comes as a bit of a no-brainer, but many businesses like to store credit card information for the convenience of their customers. That's great, but you need to make sure you're being a good custodian. The best thing you can do is to "tokenize" the data. Basically, you put the hardcore security onto a third party like Stripe so they store the actual information while you simply have some unique identifier that links your customer record to that payment information. This is generally done at the application level, so talk to your developer to see what it would take to handle this for you.
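For the developer conversation, here is an added example (not from the original post or from any payment provider's code) of a guard that keeps raw card numbers out of your own customer records, so that only the provider's token is stored. The record fields, function names and token value are assumptions made up for illustration.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes.
_PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def fields_with_card_numbers(record: dict) -> list:
    """Names of fields whose text contains a Luhn-valid card-length number."""
    hits = []
    for name, value in record.items():
        for match in _PAN_RE.finditer(str(value)):
            if luhn_valid(re.sub(r"[ -]", "", match.group())):
                hits.append(name)
                break
    return hits


def build_customer_record(customer_id, email, payment_token, notes=""):
    """Build the record you keep: a token reference, never the card itself."""
    record = {
        "customer_id": customer_id,
        "email": email,
        "payment_token": payment_token,  # opaque identifier issued by the provider
        "notes": notes,
    }
    leaked = fields_with_card_numbers(record)
    if leaked:
        raise ValueError("card number found in field(s): " + ", ".join(leaked))
    return record


if __name__ == "__main__":
    # Constructed sample data; the token is a placeholder, not a real provider format.
    print(build_customer_record("c-1001", "pat@example.com", "tok_constructed_9f3a"))
    try:
        build_customer_record("c-1002", "sam@example.com", "tok_constructed_77b1",
                              notes="phoned in card 4242 4242 4242 4242")
    except ValueError as err:
        print("rejected:", err)
```

The error message names the offending field but never echoes the number, so the card data does not end up in your logs either.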
Education is Important
In every organization, the weakest link tends to be its people. Social engineering (basically, contacting an organization and pretending to be someone you're not) works far more often and easily than it should. Train your employees and give them the tools they need to verify the person they are talking to is authorized on the account. Create PINs for customers or security questions they need to answer so your employees know the person calling is actually the right customer.
Properly Manage Your Technology
Keep your Web site and all the plugins/extensions you're using updated. Log in at least once a week and make sure you update all your plugins. If you have a server or two of your own, make sure those are updated as well. Most likely, if you're a small business, you have someone who manages the servers for you (or you're using a hosting provider like Bluehost, Hostgator, or Rackspace). Check with them or your IT team to see when updates are applied, so you know it's actually happening.
Not sure how secure your site is? Contact us for a free one-hour consultation to help you determine your status. After that, we can help you lock everything down so you can accept payments with confidence.