January 05, 2021
The COVID-19 pandemic has quickly changed how small businesses accept payments. Merchants that previously only had brick-and-mortar locations are moving to accept e-commerce and over-the-phone transactions, and there is always an element of risk associated with that. Today we’re sharing some basic but important tips to help small businesses keep their customers’ payment data secure in this rapidly changing environment.
Don’t store card data.
The best way to protect against data breaches is not to store card data at all. Many small merchants are offering curbside pickup now and are accepting telephone payments in lieu of former face-to-face transactions. Avoid writing payment card details down and instead enter them directly into your secure terminal.
Use strong passwords.
The use of weak and default passwords is one of the leading causes of payment data breaches for businesses. To be effective, passwords must be strong and updated regularly. Weak and vendor default passwords are a frequent source of small merchant breaches.
Keep your systems updated and patched.
Cybercriminals look for outdated software to exploit flaws in unpatched systems. Timely installation of security patches is crucial to minimize the risk of being breached. One way to keep up with all the necessary changes is by ensuring vulnerability scans are performed regularly to identify security issues. Rimstorm can help you identify vulnerabilities and misconfigurations in your internet-facing payment systems, e-commerce website and other systems, and provide you with a report of your vulnerabilities and how to address them. Additionally, we can address them for you. But either way, it’s absolutely essential to act upon the results of vulnerability scans and keep your software up to date.
Secure your remote access controls.
To minimize the risk of being breached, it’s important that you take part in managing how and when your systems are accessed. Criminals can gain access to your systems that store, process or transmit payment data through weak remote access controls. You should limit use of remote access and disable it when not needed. If you must allow remote access, use multi-factor authentication and strong remote-access credentials that are unique to your business and not the same as those used for other customers.
Beware of phishing scams.
Hackers use phishing and other social engineering methods to target organizations with legitimate-looking emails and social media messages that trick users into providing confidential data, such as payment card number, merchant account number or password. Small merchants need to be extra vigilant and be on the lookout for common phishing and social engineering hacks.
Small businesses in particular face significant financial loss when a cyberattack occurs. With more people relying on — and expecting — remote payment options, it’s more important than ever to keep every transaction as secure as possible. Rimstorm can help you do exactly that.