Small Businesses Face Growing Data Risks

Cyber criminals don’t only target giant corporations like Sony Playstation. Small companies – even start-ups with only a few thousand pounds of revenue – can also be an attractive target for hackers reports The Huffington Post.

That’s because in the internet underworld a stolen credit card can fetch up to £10. There are criminal sites – illicit versions of online auction sites if you like – where millions of credit card details are up for sale and can change hands at the click of a mouse. Snatching a few thousand credit card details from a small firm’s server, which may not have the security safeguards of big corporations’ systems, starts to look attractive to a hacker.

Understand the risks

Every firm that takes payments using credit and debit cards needs to comply with the Payment Card Industry (PCI) standards on data security. When a retailer agrees to accept these cards it must sign a contract with their bank. Many may not bother to read the full agreement, but they should, as it contains a couple of clauses that are potential dynamite to your business.

If payment card data is stolen from your business, it is likely your bank will ask you to pay for a forensic analysis of what happened. This isn’t cheap. Investigations start at £5,000, but I know of a company that mislaid some back-up tapes and had a bill for forensic analysis of £8 million. The trouble is many companies are operating on such thin margins that one bank told me that two-thirds of firms couldn’t even afford the cost of a basic investigation.

If the investigation reveals your firm does not comply with the PCI standards then you can be liable for the cost of all the charges racked up by fraudsters on those stolen cards. TJX, the owner of TJ Maxx clothing stores in the US – the victim of a massive hack attack in 2007 – was forced to repay $40million to Visa alone in respect of the fraud on stolen payment cards.

Protect your business

A small firm can transfer this risk by holding no customer credit card details on its system. It can ask its bank to handle all payments itself, so when you go to pay you will be transferred automatically to a bank’s payment site.

But that may entail a charge from the bank. It might also be impractical for a company to hold none of its customers’ personal details. In which case, it’s worth investing in encryption software. It’s easy to use and it’s safe.

You press a button and all the credit card details are encrypted. That effectively renders the data dead once it’s saved onto your servers. Even if hackers steal it there isn’t much they can do with that data in its encrypted form.

The online world has created a whole new marketplace and is enabling more and more entrepreneurs to make their ideas a reality. There are steps businesses can take, no matter what their size, to protect themselves from cyber criminals and get on with what they do best – driving their business.