7 Holiday Season Security Tips for Small Merchants
Jingle bell, jingle bell, jingle bell rock
Jingle bells swing and jingle bells ring
Snowin' and blowin' up bushels of fun
Now the jingle hop has begun
So if you haven’t already notice, I am going to be starting this month’s blog articles with some Christmas song lyrics. And not just any Christmas songs, but a few of my favourite ones! Totally unrelated to the topic at hand we are discussing today though, but hey, it’s Christmas!
So with about 2 weeks left to Christmas, let me ask you this very very important question:
Are you done with your Christmas shopping?
Because I am not. In fact, I haven’t even started. But I will eventually start browsing online for Christmas presents when I take the bus or train I guess. Because while I honestly do prefer shopping in brick-and-mortar stores, I really ain’t got time to walk the streets of Orchard. So online it is then!
And with more individuals like myself shopping online these days especially after the pandemic, and with more businesses offering their goods and services via an e-commerce platform, it’s important merchants understand what steps they can take to protect their business and customer data from cyber criminals.
#1: Lock down your login
Fortify your payment terminals, accounts, and ecommerce platforms with long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
#2: Don’t hesitate to update
Keep the software on all Internet-connected devices up to date. All critical software, including computer and mobile operating systems, security software, e-commerce software, and other frequently used programs and apps, should be running the most current versions. Turn on automatic updates in the security settings.
#3: Think before you click
Criminals will try to trick you by pretending to be your bank, payment processor, trusted business partner, etc. If you receive an email encouraging you to take action, do not be so quick to click on the link. Instead, call the company directly or go to their website (not using the contact information in the email itself).
#4: Limit access
Do an audit of who has administrative or privileged access to your e-commerce site and payment data. Restrict that access to only those who need it to do their jobs.
#5: Back it up
Protect your sensitive information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
#6: Encrypt your payment data
Check with your vendors to see if they encrypt payment data while it is being stored and transmitted so that you can hide sensitive data from criminals.
#7: Seek help
Criminals are always targeting consumers and merchants, but increase their efforts during busy online shopping periods. Talk to your payment vendors and to your information security professionals in your community so you can fortify your defenses ahead of the season.