We’ve all heard about the Target, Home Depot, and Yahoo data breaches and tell ourselves, “it won’t happen to my business,” because those companies are huge, multinational businesses with tons of money and data.
The reality is that more than 71 percent of hackers target businesses with fewer than 100 employees, and 60 percent of U.S. small businesses have experienced a cyber-breach. Furthermore, 65 percent of all breaches are point-of-sale terminal or web application attacks.
Of these breaches, the top industries targeted are hospitality, lodging and retail. These businesses are high-value targets for hackers because of the following:
- Old or aging POS devices with old versions of software that have vulnerabilities
- Large number of individual credit cards to steal
- Poor IT network infrastructure that doesn’t separate Wi-Fi and card data environments
- High employee turnover that may cause processes and security policies to be lost
- Multiple employee access points into the network without strong authentication
And the problem isn’t slowing down. Researchers predict that cyber losses will grow from $460 billion in 2016 to more than $6 trillion by 2021. The average loss for a small merchant who is tied to a data breach can be anywhere from $30,000 to $100,000, which includes costs for upgrading equipment, paying for forensic investigation of the network and paying fines to the card brands.
How can businesses protect themselves?
- Follow the PCI DSS standards: https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
- Use a PCI compliance vendor program, such as Heartland’s Merchant Protection Program, to complete PCI compliance attestation.
- Leverage secure products such as Heartland Secure P2PE devices to minimize the card data your environment handles.
- Educate and empower employees to identify issues first.
- Understand your risk and perform risk assessments to find vulnerabilities and gaps.
- Prepare for a breach by implementing an incident response process.
If you have any questions about compliance or what you can do to protect your business, contact PCICompliance@e-hps.com.