Credit cards and debit cards have become ubiquitous. They are convenient. Everyone takes them. They truly are replacing cash in most consumer interactions. While many carnivals and concessionaires still live in an all cash world, more and more are moving toward accepting credit and debit cards. Recently, I did a very un-scientific study by checking out twenty random carnival websites. Of the twenty sites I visited, twelve of them offered the ability to purchase tickets on-line using a credit or debit card. Additionally, through my travels, I have come across a number of companies who are now accepting credit or debit cards at ticket booths. Yes, Mr. Dylan…the times they are a changing.
Clearly, this movement is in response to the way consumers transact business in the 21st century. It is a move towards convenience and the embracing of technology. But, we have to be cognizant that with this convenience comes a new level of risk. Risk not only for the consumer, but for the vendors as well. Cyber-criminals are savvy, smart and un-relenting. They can hack into wireless networks, cellular networks and often will do so while in plain sight. You may recall a recent incident where credit card information was compromised from the retailer TJ.Maxx (45.6 million credit and debit card numbers). The criminals are believed to have hacked into the system remotely from anonymous vans outside of the retailers stores…in plain sight. Pretty brazen if you ask me, but that is the new world we live in.
So, what do we do about this? It would be easy to just remain using a purely cash based system. That too has its issues…we’ll leave that for another discussion. If we are truly engaged with what our customers purchasing trends are, we must consider electronic transactions. Should you go down that path, I offer you a few recommendations on how to protect your company and your customers. (Source: American Express)
• Conduct a risk assessment. Evaluate what kinds of sensitive information your company holds and which would be most sought after by cyber criminals, such as credit card numbers or Social Security numbers. Then prioritize to ensure the most vulnerable data is secure first.
• Restrict employee access to sensitive data. Many data breaches are inside jobs. Make sure to only allow trusted and necessary employees to access data that could be useful to thieves. A formal data privacy policy could help institute such rules, as well as ensuring paper documents are locked up in a safe place where people can’t easily access them and that unneeded documents are shredded regularly.
• Use data encryption and strong password protections. Install encryption software on all computers, mobile devices, flash drives and backup tapes, and make sure all devices and key accounts are locked with strong passwords.
• Install antivirus software on all computers—and keep it updated. Many cyber attacks occur via malware downloaded when an employee clicks a link emailed to them. A strong antivirus program will identify and block malicious sites before something compromises the system.
• Consider moving data to the cloud. There’s plenty of controversy over whether moving data to the cloud makes it more or less vulnerable to data breaches. But, for small businesses, having internal servers that store information can pose a big risk—something many business owners don’t want to worry about. On the other hand cloud providers spend every day worrying about data protection.
Once you have done all of these risk management measures, you may also want to consider Cyber-Liability coverage for your company. This will provide protection for your company by paying for the costs associated with such breaches of data. Those costs can run into the tens and hundreds of thousands for an average company. It’s something to consider when you are reviewing your overall risk profile.
Remember folks, we operate in a showmen’s world where for years our word is as good as gold and where a handshake deal still means something, unfortunately, outside of the midway, it a whole different story. Be prepared and be vigilant in protecting your company’s data and your customer’s information.