You can reduce the risk of a hacker attack on your business by doing the following:
- Installing security software and keeping it up to date
- Limiting access to your wireless network
- Keeping work and personal devices separate
- Keeping “backroom” technology away from the sales floor
- Limiting administrative access on business devices
- Ensuring your employees understand the latest payment technologies
- Regularly training your employees
Limiting access to your wireless network
Limiting access to your wireless network reduces the risk of your network being hacked. You can limit access to your wireless network by doing the following:
Note: We recommend your password contains between 8 and 20 characters, including at least one number, a mixture of uppercase and lowercase letters, and it must not match your user name, your name, your business name, or any employee’s name.
Keeping work and personal devices separate
Protecting customer and business information is very important—bad practices, either accidental or deliberate, can compromise sensitive information.
You should discourage your employees from checking personal email or their social media accounts on any equipment used to process payments, as this increases the risk of attack from infected files and webpages. Additionally, you should also discourage your employees from performing business-related processes on their personal devices.
Keeping “backroom” technology away from the sales floor
It is important to make sure your employees understand the correct storage location for every business-related device. For example, your staff should never bring a computer that stores credit card numbers, staff social security numbers, or any other personal information, onto the sales floor. In some cases, you can use devices such as tablets, etc. as payment terminals, or to enhance customer experience. You can use these on the shop floor, but you must make sure that they are not left unattended.
Limiting administrative access on business devices
You can reduce the risk of vulnerability by minimizing the following:
- The number of management employees who have administrative access to your devices
- The number of management employees who manage customer information or access paycheck information
Note: Administrative access allows a user to access and install your device’s security software and other programs.
We recommend granting administrative access rights only to trusted management employees. You should create individual user credentials for each administrative user, that way if a breach occurs it is easier to find out which user is responsible.
Ensuring your employees understand the latest payment technologies
You should keep your sales associates up to date with the latest payment technologies. This ensures that customers are using the most secure payment option available. For example, making sure that your sales associates are aware of how mobile payments and EMV chip cards make the retail experience more secure means that they can guide customers through the process of correctly using those technologies to complete a transaction securely.
Regularly training your employees
You can reduce the risk of internal security vulnerabilities by encouraging continuous awareness of security and best practices through regular training and engagement with your employees.
You should provide regular training to make sure your employees do the following:
- Stay up to date on new technologies and best practices
- Are aware of how their role can impact the security of your business and your customer’s sensitive information
It is important to keep your employees up to date on the security implications and best practices for any new payment technology that you have installed in your store. We recommend that you schedule training every six months or every year to update staff on the new technology and to answer any questions they may have.
Let us know if this answered your question. If not, please let us know why!
Tags: hacker, payment card industry, secure transactions, security software, compliance, fraudulent transaction, pci, protect business