This Viewpoint originally appeared in the Nov. 27 issue of GSA Business Report.
The holiday season is a great, but busy time for businesses. With Black Friday just passed and Cyber Monday right here, retail businesses and restaurants need to make sure their systems are ready for the surge in business.
Often, the concern for retail stores and restaurants is making sure the shelves are stocked with the latest toys, trendiest sweaters and planning food inventory properly, not about whether the company has updated its security patches.
This is where a business could find itself in trouble. As consumers head out to get gifts and mingle with family, hackers are also busy getting ready to cash in on a business’s security mistakes.
Aside from the frustrations a cyberbreach can cause, it can also harm a business’s reputation, which is why it’s important that all businesses — not just large retailers — are alert and prepared.
Below are several things all businesses should do to help keep their data and their customers’ data safe this holiday season:
Double check software
We’ve all been guilty of ignoring a software update on our phone, but these updates are essential to maintaining proper security.
Much like our smartphones, computer systems need to be updated regularly, as well. The updates help to resolve any vulnerability in the software and security patches, so it’s essential that these updates be processed properly.
Viruses can occur in many ways, and sometimes they infiltrate a system because of an error by an employee. Email is key to business operations, but with that comes risks, such as phishing scam emails. Clicking on a link in one of these emails can cause your system to be hacked, ultimately putting your customer data at risk.
Talk to your employees about best practices for email usage. The most important thing to explain is to avoid opening or clicking links from unknown senders. Keep an eye out for sloppy typos or grammatical errors, as these could be signs of a spam email.
Businesses should be changing their passwords regularly, as hacking software can test up to 10 million password combinations in seconds. When protecting data most appealing to hackers, such as billing, tax and credit card information, businesses can consider using a two-factor authentication method or a secure password generator.
It’s important that all devices that have access to private information are password-protected, including workstations and employee devices. There should be a lock screen in case the device gets tampered with, lost or stolen.
We often hear about card skimmers being attached to credit card devices at businesses that don’t have a lot of close surveillance, such as gas stations. But the holiday season can lead cybercriminals to take more risks, such as attaching these devices to grocery and retail store checkout stations.
Let your employees know they should report any unusual lingering near checkout stations and to keep an eye out if the card station doesn’t appear to work properly.
Back up data
After businesses suffer a cyberattack, they usually find that a lot of the stolen data could have been protected and restored if it had been backed up. For example, ransomware viruses hold a computer’s data hostage until a ransom is paid; that is, if they give it back at all — most take the payment and never return the data.
If a business had the computer data routinely backed up, it could forgo the risk of paying the ransom. Not only are routine backups essential when it comes to cybersecurity, they are helpful for disaster recovery, such as flood, fire or storm damage. All data should be backed up on-site and off-site and tested regularly.
Plan for the worst
No one wants a cyberbreach, but as cybercriminals continue to fine-tune their skills, and we as a culture continue to embrace the digital sphere, it becomes more important for businesses to have a plan for if a data breach were to happen. The action plan should include working with an IT expert to restore data and system security, alerting stakeholders, and sharing details about next steps.
Though major retailer breaches make headlines, small and midsize businesses are popular targets for cybercriminals. All businesses should take the proper steps to keep cybercriminals at bay.
Amy Justis is the owner of CMIT Solutions, which provides IT support to small and midsize businesses. Reach her at firstname.lastname@example.org.