Retailers! Avoid getting hacked during the holiday season (or any other time of the year)

Tips for cash-strapped retailers looking to avoid getting hacked, during the holiday shopping season, or any other season.

Hackers target retailers during the holiday shopping frenzy each year, so here are a few tips to avoid becoming a victimized business owner, and keep your customers safe this season. And no, you won’t need to get a big loan to improve your security, this is all doable on a small business budget.

1. You’ve got a chip reader, right? If not, you’re not alone. In the small businesses I visit locally, a startling number of them don’t have the latest Point-of-Sale (POS) gear that reads the newer style payment cards with the chip in them (EMV). Getting aboard the chip card train not only increases your protection against fraudulent shoppers, it improves your security profile. For scammers potentially targeting your business, lack of a chip reader is a good indication of the overall condition of your “hackability.” If you haven’t gotten the card reader right, what else could be easy to attack? Hint: Lots.

Also, many hacks start with the remote management software used in POS equipment, so make sure that’s locked down so the bad guys can’t get in. Think this is all too expensive? POS gear (and computer hardware in general) with modern improvements drops in cost as production ramps up, so it may be cheaper than you think.

2. All firewalls are not created equal. One of the most common attack points these days is your broadband router. Still got the one from 10 years ago because it still works? Turns out your router does a lot more than just direct digital traffic between the Internet and your computers, printers and tablets; it also does a hefty amount of firewalling, blocking nasty things from creeping into your office. Got an infected computer? A good firewall will keep it confined so it won’t spread to others. And you don’t have to break the bank. Mid-priced modern routers often have decent firewalls with some of the latest threat detection built in, and you don’t have to spend millions; plan on more like a couple hundred.

3. What happens if you get hacked? You have a plan, right? No? You’re not alone, most businesses don’t have a disaster recovery plan, or if they do it’s sitting on a dusty shelf and doesn’t include recovery steps for half of the newer equipment they’re now using. But something is better than nothing. Specifically, you should pay attention to the steps you plan to take in the event of payment card theft. Whose fault is it? If you can prove that you took some basic security steps, your part of the bill could drop steeply. If, on the other hand, you didn’t do those basics, the costs could be staggering. You don’t have to be a security genius to do it either, just some common sense and a little bit of hardware/software and your techie friend’s phone number.

4. Have a techie friend. Preferably someone who knows the tech but can explain it to real people. This is often what’s missing in business. As an owner you understand that there are numerous areas that need protecting, but you’re probably the only one who sees the business unit as a whole. You need that same perspective when it comes to protecting your business digitally – someone who gets the big picture and can recommend what’s best for your specific situation, not some generic “panacea du jour” listed on a shiny brochure you picked up somewhere.

5. Update things — preferably automatically. If all of the digital gear in your business isn’t updating its defenses pseudo-automatically (or even fully automatically), you won’t have the latest defenses against the latest attacks. So unless you want to spend every night reading security mailing lists and applying patches manually, you have to automate. Your job is to run a business, not run all the security bits needed to stay safe. So find software, firmware, and hardware that keeps up. This includes everything from your endpoint security (hopefully you also have that for mobile devices, they get hit these days too), on up to your physical security system on the doors and windows. Security changes fast, make sure your business does as well.

You can do all this for very little money, or you can go crazy — budget-wise. But in most cases, there’s no reason to get really big expensive equipment, you really don’t need it (unless your business scales quickly, but then you can hire a security expert anyway). It’s easy to get sold the most expensive thing on the brochure, but don’t fall for it. Just a modest monetary expenditure, coupled with a smart techie, will have your business worlds ahead this holiday shopping season, protection-wise.

This article originally appeared on CBS Small Business Pulse.
