Gaining the trust of your customers can be a lengthy and effortful process. When your business has gone from building an online presence to consistently providing a top-notch customer experience, you feel confident that your customers would never leave your side.
In reality, you could lose them in the blink of an eye if you fail to protect your customers from cybercrime.
The cybersecurity spotlight has heavily focused on independently-owned businesses in the past year and a half. The frightening truth is 43% of cyberattacks target small businesses. Even worse, only 14% of those businesses have prepared to defend themselves.
Keep your customers and business safe by guarding against attacks from cybercrime.
The Dirt on Cybercrime
As the number of businesses making a digital transformation continues to rise, companies are becoming more dependent on tech advances to help run and manage their day-to-day.
Unfortunately, while shifting everything from major company processes to sensitive customer data online, small business owners forget to take the next step of protecting that information against cybercrime. Criminals seek out that weak spot.
Within the past year, there was a 424% increase in new small business cybercrime.
Rebecca Ledingham, a former member of law enforcement, now working for Mastercard, shares that because cybercrime is low-risk with low barriers and easy-to-access tools, anyone could be behind the opposing screen.
“They don’t care who you are,” Ledingham explains. “They care that you are connected to the internet and have a vulnerability to exploit.”
Even if a company survives cybercrime, the damage can linger for years and result in unexpected long-term costs such as:
- Financial loss from paying ransom
- Lost business and customer data
- Disruption in regular business
- Revenue loss from downtime
- Cost of notifying customers and shareholders
- Cost of legal liability and representation
- Hard-to-reverse brand damage
- Decrease in productivity throughout the company
Avoid Big Penalties
Back in 2018, the Australian Small Business and Family Enterprise Ombudsman introduced mandatory data breach reporting laws that essentially put the onus for data breaches via cyberattacks wholly on the business (that’s you).
When a breach of data is found, the breach must be reported to the Office of the Australian Information Commissioner (OAIC), as well as to the individual affected. This legislation carries substantial penalties and affects any small business that collects personal information from its customers and staff.
A report by Telstra found 33 per cent of small businesses don’t take proactive measures to protect against cyber breaches. With penalties of up to $360,000 for individuals and $1.8 million for organisations, the impact of a breach on a small business can be devastating. To make sure you don’t end up on the wrong side of a security breach, check out the OAIC’s Data Breach Reporting Guide.
Actively Seek Out Weak Points
Get ahead of attacks by channeling your inner cybercriminal. It sounds crazy, but you do it while locking up your storefront. Rooms, windows and doors get checked twice to make sure no one sneaks in. Keep that same energy when taking your business online.
Figure out where your holes lie and quickly cover your bases before the bad guys find them. Actively seeking out these weak points is important because the average data breach takes 197 days before it’s discovered.
By catching it within the first 30 days, you could save your business upward of $1 million. With that being said, having a data breach response plan ready to go is a must.
60% of small businesses that are victims of cybercrime go out of business within 6 months.
Back Up Your Data
Backing up the data you currently have is one way to avoid penalties and downtime if your company ever experiences cybercrime and you’re locked out of your system. The longer your business is down, the greater the risk of going out of business.
Make a point to back up your processes, daily sales, customer logs and other valuable information every time you get a chance. Be sure to go the extra mile to encrypt the data — if not for yourself, then for the customers who put their trust in your business.
Update Your Software
If the system and software update alerts at the corner of your computer irk your soul, you’re not alone. But before you click the “delay for 2 days” button for the 5th time (I know I’m not the only one), just say okay and update it now.
Rumor has it the software companies aren’t pushing these updates just to annoy you and slow up your day — shocking, I know. Updates go beyond new features and bug fixes. They also correct flaws in the system that can leave your business otherwise vulnerable.
This extends beyond your laptop to anything your company owns with an online component, including your printers, scanners, web servers, websites and even your elevators.
So as bothersome as those alerts are, take the 5 minutes to install the update and further protect your business and customers. The Australian Cyber Security Centre has some guides to help you stay up-to-date.
Use Strong Credentials
If you want to protect your customers’ information and your business data, you’ll want to start by getting serious about your password protection. It’s one of the simplest defenses you can start off with.
Don’t go simple when creating one. Use a passphrase as opposed to a password. And, although it seems unnecessary, make a habit of changing it regularly, especially when you share it with other members of your staff.
30% of data breaches come from the inside.
Avoid Requesting Personally Identifiable Information (PII)
When it comes to collecting customer information, sometimes you feel like you need to know it all for the sake of great customer service. But, if you’re not careful, it can turn around to bite you later.
Avoid requesting your customers’ sensitive information as a precaution. When companies lose customer data to cybercrime, they have to undergo investigation before getting slapped with a hefty fine.
PII to avoid includes:
- Full name
- Social Security number
- Driver’s license number
- Address
- Bank account number
- Passport number
Stay PCI DSS Compliant
When customers swipe their cards with your business and pay online, they’re trusting that you are in compliance with the Payment Card Industry Data Security Standard (PCI DSS), a written standard created by the major card brands. They may not say it in those words, but they trust that you dedicate the time to protect their information.
If you’re accepting card and online payments, the PCI DSS must be followed. And, while strict, it’s the bare minimum business owners should do to safeguard against cybercrime and help protect clients.
By following these tips you’re making your business less vulnerable to being attacked by cybercriminals. Getting ahead of small business cybersecurity helps you that much more in ensuring your business and customer data is safe.