David Sabot, Assistant Professor specializing in criminal justice at Johnson & Wales University’s College of Business in North Miami, contributed this article to BusinessNewsDaily's Expert Voices: Op-Ed & Insights.
Small businesses often rely heavily on Internet technologies, from the use of credit card services to the storage of data, to operate successfully in the modern marketplace. While this dependence on the Internet is a cost-effective strategy to carry out operations, it can also make small businesses even more vulnerable targets for cybercrime.
Latest developments in data storage, security and cybercrime
Recent annual reports from the data security realm have highlighted several important developments regarding data storage, security and cybercrime that should be of interest to all small businesses:
- Smaller businesses are becoming more attractive targets for cyber intrusion. Many rely on credit card services as a central part of their commercial activity; however, they are not putting nearly enough effort into taking steps to reasonably secure their transactions and their stored data.
- Cost cutting in data storage could have a negative impact on your bottom line. Most small businesses are migrating to "cloud" storage of data in order to cut costs; however, this is being done without diligent risk assessment of the security concerns that come with such a move. This type of cost cutting may not end up being cheap in the long term when one weighs the cost of liability exposure.
- The law, at all levels, is woefully behind evolving technology. Current laws cannot be seen as a meaningful deterrent to cybercrime activities. Businesses should not look to the government as the cavalry coming to the rescue. Rather, they must be self-aware and self-reliant in protecting themselves.
A starting point for protecting your data
Businesses interested in protecting themselves from cyber criminals should adhere to the Payment Card Industry's Data Security Standard. This information security standard, recently created by the consortium of credit card companies, is designed to address the risk of monetary loss and other liability exposure for businesses that digitally transmit and store data in connection with providing credit card services to their customers.
The new Data Security Standard requires six simple and straightforward, yet critical, steps that all businesses should take to protect their data:
- Maintain a secure network using updated firewalls and strict, secure password habits. "Password" is not a good password.
- Use updated encryption to transmit and store Personally Sensitive Information (PSI).
- Use updated anti-virus software, anti-spyware programs, and other anti-malware solutions. Ensure that the programs are up to date by downloading all the necessary patches.
- Keep customers' Personally Identifiable Information (PII) physically as well as electronically secure.
- Monitor and test all these security measures constantly.
- Write and enforce a constantly updated Information Policy.
While the observance of this security standard is a contractual requirement for services from the credit card companies, following the standard creates a viable, usable defense to allegations of negligence regarding the security of customer data. Complying with the standard on a consistent basis will not be an absolute defense, but it is a strong defense against such allegations.
The views expressed are those of the author and do not necessarily reflect the views of the publisher.