With December fast approaching, it’s officially the holiday season. As a business owner, the holidays are a time of great opportunity. But, the time of year also brings about unwanted stress.
Over the past few years, cybercrime has been on the rise, especially during the holiday season. Due to the massive shift to online shopping, hackers have even more opportunities to gain access to either your business or a consumer’s sensitive information.
The uptick of cyber threats has brought about fear amongst many businesses. This fear has led to little change, however. In fact, a recent study showed almost half of business owners have never tested the readiness of their incident response teams. Seeing that hackers are constantly testing and improving their methods, you must be doing the same.
This season, don’t let hackers get you down! Let’s take a look at how you can keep cyber threats away from your business this holiday shopping season.
Assess what is already in place
To understand how open your business is to outside threats, you’ll need to conduct a thorough assessment of all the defenses you already have in place. In this step, you should be testing each and every piece of gear, tool, or security protocol that is already in place to see how your business would perform if a real threat came your way.
There are a few methods that are used to help identify if a business is fully secure or not. Let’s take a look at a few of the most popular cyber security testing methods.
- Cyber Security Audit – A cyber security audit is a complete overview of all of your business’s IT infrastructure. An audit of this scale is usually handled by an outside agency and should uncover any threats, vulnerabilities, or compliance issues your business may have.
- Cyber Security Risk Assessment – The cyber security risk assessment is a lighter lift than the complete audit, but still will be time-consuming. A risk assessment can generally be done in six easy steps, which you can read more about here. After running the risk assessment, you should have an exact idea of where your business is vulnerable to outside threats and how financially devastating an attack could be.
- Penetration Testing – So far, our other two tests have been more hypothetical in nature. The penetration test is a great way to find holes in your defenses as third-party “hackers” will attempt to harm or hack your system. A penetration test is the closest you can get to a real hacking situation, so this is like the dress rehearsal for your IT team. As a note, penetration testing should be done now, and then again after you address some of the weaknesses of your team.
Again, time is key, so identifying these issues before the shopping season is truly a must. These tests will most likely come with a high price tag, but once done, you’ll know exactly where to invest in your defenses. If you don’t have the current funds to hire an agency, using something like a loan to handle the extra costs could be worth the effort. After all, you can’t improve your cyber security if you don’t know where you stand currently.
Moving forward, you should be focusing on improving the weakest points of your business.
You can have the best defense system in place but still undergo security threats if your employees are not up-to-date with their cyber security training. Your employees are the first line of defense for your business and often are heavily targeted by cybercriminals that may be attempting to steal your data.
For hackers, tricking or convincing a real person to give them a password is actually much easier than infiltrating some firewall or system. Last year alone, 85% of attacks relied on human error; meaning clicking a bad link or providing an unknown person with sensitive information.
Ultimately, hackers know they can just target whoever is the most technologically illiterate at a company to have the best odds of infiltrating the business. This time of year is when phishing mostly takes place, so now would be a good time to retrain all of your employees about best cyber practices.
As soon as you can, schedule a training session with all employees that touches on some cyber security trends and how to stay safe online. When conducting this session, consider going over some of the following threats or situations that can arise.
- Phishing – One of the most commonly used hacking methods is phishing. Phishing is when a hacker attempts to mirror the identity of a real person in order to get important information out of someone. Usually, a hacker will make a fake email address or phone number that looks almost real, but if you look closely one letter or digit will be off. Within these phishing emails, the hacker will usually ask for a password in a sly way. As a rule of thumb, never give anyone online your credentials, even if you think you know them.
- Ransomware – In recent years, ransomware has become more widely used amongst hackers. A ransomware attack is when a hacker uses a phishing email, but instead of asking for info, they include a seemingly real link that when clicked on can give them access to your account and lock you out. After getting locked out, the hacker will message you with a price to regain access to your account. Again, not clicking on anything from someone you don’t know is the best way to prevent these attacks.
Being as knowledgeable as you can be about the threats out there will help decrease the chances of an attack happening to your business. Make sure each and every employee goes through IT training when they are hired and regularly throughout their tenure.
Secure All Equipment
Usually, in this section, we would be recommending the use of computer firewalls, password management tools, and other traditional security measures. But during the holiday season criminals often try to take advantage of alternative methods of hacking. These next tips are mainly for retail and eCommerce-based businesses, but they may be relevant for other industries as well.
As mentioned above, during the holiday season hackers will try to infiltrate your business elsewhere. Often, this is through point of sale systems (POS), eCommerce storefronts, and other third-party platforms. To keep your customers’ information safe this holiday season you’ll need to put firewalls in place on your third-party equipment that will deter hackers.
Here are some common ways your business can come under attack and strategies to prevent them.
- POS Tampering – Modern, more mobile point of sale systems (mPOS) are great for newer small businesses, but the lack of security features can invite attacks. Criminals typically target the device that operates the whole unit. In most cases, this is an iPad or Android device, and if it is connected to an unsecured network, your information could be compromised. Consider setting up a secure network just for the mPOS to operate on. Besides setting up a secure network for the device, you can download antivirus and antimalware software for the device itself. Here are some other ways to keep your mPOS secure this season.
- In-Store Skimmers – Here we’re going to look at mobile payment units again. Back in 2015, hackers were able to retrofit old Square units into credit card skimmers that looked almost identical to the newer card reader. These hackers went out and secretly installed them at businesses across the country to gain immediate access to every customer’s credit card info. Since then, the hack has been fixed, but other third-party systems have gone through similar situations. Being extremely watchful of your devices and testing them every day is the best way to keep yourself safe here.
Being proactive now and installing these firewalls will help keep both you and your customers safe this holiday season.
Lean on an IT team
If all of this sounds like it is way over your head, that is ok. After all, managing an entire company’s technology and cyber security is a full-time job.
To save yourself time and energy, you can leverage the help of a dedicated IT professional to help you with all of your tech needs. Our team is extremely knowledgeable in all things IT and can help get your business ready for the holiday season and beyond.
Our team offers both managed IT services as well as support services. Depending on your needs, we’re here to help you. Some ways we can help make sure your business stays secure this year include:
- Business-grade antivirus and antispyware – We offer high-end antivirus for both your computers as well as other devices.
- Password management – Maintaining passwords is the first step to practicing good cyber security. It can be annoying to handle on your own across the entire company, so we’ll do it for you.
- Email security – Putting in email security measures will help filter out more spam and phishing emails before they ever even reach anyone in your company’s inbox.
- Security training – Again, having a base knowledge of what hackers are trying to do will help you and your employees avoid any pitfalls in the future. Our team offers security training to ensure all employees are able to identify common security threats in a real-world setting.
If you are interested in learning more about our services, feel free to contact us today.