Data Breaches and You: Protecting Your Business in 2018 and Beyond
We’ve all heard about the recent Saks and Lord & Taylor data breaches, or the Target, Home Depot, and Yahoo breaches of 2017. We tell ourselves, “It won’t happen to my business. Those other guys are huge, multinational companies with tons of money and data”.
But the reality is that more than 71 percent of hackers target businesses with less than 100 employees, and 60 percent of U.S. small businesses have experienced a cyber-breach. Furthermore, 65 percent of all breaches are through point-of-sale terminal or web application attacks.
Of these breaches, the top industries targeted are hospitality, lodging and retail. These businesses are high-value targets for hackers because of the following:
- Old or aging point-of-sale devices with old versions of vulnerable software
- Large number of individual credit cards to steal
- Poor IT network infrastructure that doesn’t separate Wi-Fi and card data environments
- High employee turnover that may cause processes and security policies to be lost
- Multiple employee access points into the network without strong authentication
And the problem isn’t slowing down. There was more data lost or stolen in the first half of 2017 than all of 2016 combined. When you crunch the numbers, that’s an increase of 164 percent from 2016, and an average of 10.4 million records exposed a day. The average loss for a small merchant who is tied to a data breach can be anywhere from $30,000 to $100,000, which includes costs for upgrading equipment, paying for forensic investigation of the network and paying fines to the card brands.
How can businesses protect themselves?
- Follow the PCI DSS Standards.
- Use a PCI compliance vendor program to complete PCI compliance attestation such as Heartland’s Merchant Protection Program.
- Leverage secure products such as Heartland Secure’s point-to-point encryption technology to minimize data.
- Educate and empower employees to identify issues first.
- Understand your risk and perform risk assessments to find vulnerabilities and gaps.
- Prepare for a breach by implementing an incident response process.
Heartland is here to help. If you have any questions about compliance or what you can do to protect your business, contact PCICompliance@e-hps.com.