The only thing spookier than the upcoming Halloween season is the cyberthreat landscape facing modern retailers.
In the past 12 months, cyberattacks have rattled retailers big and small – but especially small. According to research from First Data, 90 percent of cybersecurity breaches impact small businesses. The average cost of these breaches is $36,000, but can reach as much as $50,000.
But wait, it gets worse …
While holiday seasons (Halloween, Thanksgiving and Christmas) are certainly times of plenty for retailers who play their cards right, they also have the potential to go horribly wrong. The reason, according to DARKReading contributor Sara Peters, is that the spike in commerce draws just as much attention from hackers and fraudsters as it does from shoppers. Some of the potential threats that retailers need to look out for year round, but especially during the holiday seasons, include the following:
- Point-of-sale malware: There are so many devastating strains of POS malware (CherryPicker, Abaddon POS, CenterPOS, RawPOS, BlackPOS – the list goes on and on), and only so much that can be done to stop them from scraping away at your customers' payment card data. If you haven't deployed EMV card readers, we highly encourage you to do so. While they won't necessarily guarantee the security of your customers' payment data, they're inherently more secure than magnetic stripe processors, and they will shield you from liability.
- Unauthorized endpoint access: During the mayhem that is Black Friday or the weekend before Christmas, shoppers will be busting down the doors, requiring stores to keep all hands on deck. During this time, it's essential that all store endpoints (i.e. computers, mobile POS terminals, etc.) are safeguarded. All it takes is one bad actor with a malware-filled flash drive getting too close during the chaos to send your entire IT environment crashing down.
- POS skimmers: More or less, these are exactly what they sound like. Often, companies that market second-hand, used or bargain card readers will end up selling you rigged payment processors, which means it's in your best interest to fight off the urge to be overly frugal. Unfortunately, not even that can protect you. Some of these nasty little devices can be installed in mere seconds, according to security reporter Brian Krebs. He added that these types of skimmers are "an enticing buy for a crooked employee." What better time to start gathering payment data than during the holiday rush?
- Ecommerce fraud: It's not just your brick-and-mortar assets that are in jeopardy. Hackers have been known to use a clever tactic called a SQL injection to exploit weaknesses in e-commerce solutions. Basically, cybercriminals enter code into the data input fields on an online store (which are how customers interact with the website) as a way of triggering certain commands on the backend that can ultimately be used to establish admin rights. From here, cybercriminals who know what they're doing can wiggle their way into your company's databases.
- DDoS: This stands for distributed denial of service, and it does the same thing to your business's website that 5 o'clock traffic does to an interstate with two of its three lanes shut down. Using botnets (fake web users), cyberattackers will funnel massive amounts of traffic to an e-commerce platform, basically causing it to crash from too much traffic, resulting in a complete profit standstill. Often, hackers will do this with extortion in mind. Until they get paid, they'll keep on dispatching their botnets. During the holiday season, especially on a busy shopping day like Cyber Monday, hackers' work is already halfway done for them thanks to all those bargain-hungry web users.
…So where does that leave your small business?
The good news here is that there are plenty of ways to mitigate most of these risks. Point-of-sale malware, for instance, can be kept at bay through frequent system restores of the computers being used as platforms for a POS system.
More importantly, do everything in your power to make sure those POS systems are EMV enabled, even if it means having to take out a small business loan. A PCI liability shift that occurred Oct. 1, 2015, changed the rules of the retail game: If your customers' payment data is stolen as a result of a breach on your system, and you haven't provided the option of EMV, you'll be accountable for those losses, and they will hurt.
As for unauthorized endpoint access, properly protect your devices with authentication. Use advanced passwords that incorporate letters, numbers and special characters, and change them once a month or more. Never leave a mobile POS unattended, even for a second. As for POS skimmers, don't buy cheap payment processors.
And finally, to protect your e-commerce assets, make sure you encrypt all of your website data, all the time. Redundancy (in the form of backup servers) can also help in the event of a DDoS attack. Additionally, be sure to deploy firewalls, web gateways and anti-spam software.
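For the SQL injection risk described in the e-commerce fraud item above, the fix lives in how the store's code builds its database queries. The following is an added example, not code from the original article: the table, function names and the crafted input are all constructed for illustration, and it shows a query built by pasting form text into SQL beside the same query using bound parameters.

```python
import sqlite3

def make_store_db():
    """Build a constructed in-memory account table for the demo."""
    db = sqlite3.connect(":memory:")
    # Plaintext PINs only keep the demo short; real stores hash credentials.
    db.execute("CREATE TABLE accounts (email TEXT, pin TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("owner@shop.example", "4821", "admin"),
         ("pat@customer.example", "1177", "customer")],
    )
    return db

def lookup_role_unsafe(db, email, pin):
    # Weak form: field text is pasted into the SQL string, so quotes typed
    # into the form become part of the command itself.
    sql = ("SELECT role FROM accounts WHERE email = '" + email +
           "' AND pin = '" + pin + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_role_safe(db, email, pin):
    # Hardened form: placeholders keep field text as data, never as SQL.
    row = db.execute(
        "SELECT role FROM accounts WHERE email = ? AND pin = ?",
        (email, pin),
    ).fetchone()
    return row[0] if row else None

# Constructed form input that carries SQL syntax instead of a real PIN.
CRAFTED_PIN = "' OR role = 'admin"

if __name__ == "__main__":
    db = make_store_db()
    # Unsafe query grants the admin role to an unknown visitor.
    print(lookup_role_unsafe(db, "nobody@example.invalid", CRAFTED_PIN))
    # Safe query treats the same text as a wrong PIN and returns nothing.
    print(lookup_role_safe(db, "nobody@example.invalid", CRAFTED_PIN))
    # Legitimate customers still log in normally.
    print(lookup_role_safe(db, "pat@customer.example", "1177"))
```

When reviewing a storefront or plugin, any query assembled with string concatenation from customer input is the pattern to flag and replace with placeholders.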
The time to fortify your small business is now. Contact an alternative lender, and get the merchant capital you need to stay safe during the upcoming holiday seasons.