Small businesses are facing new challenges as the coronavirus pandemic continues unabated around the world. From laying off staff to transitioning to remote work to seeking emergency loans, small businesses are navigating a flurry of concerns. As of May 2020, 82% of U.S. small businesses reported being concerned about the pandemic’s impact, with those in the retail and service sectors saying they are very concerned.
Brick-and-mortar business stalled or slowed to a trickle while states remained closed, but online business has skyrocketed over the past few months. Since the pandemic first started to impact consumer spending in March, the Adobe Digital Economic Index reflects that eCommerce sales are $52 billion higher than experts had predicted.
With so much activity taking place online, businesses have one other newly pressing concern to address: cybersecurity.
Why a strong cybersecurity network is important
While cybersecurity has always been top of mind for businesses that handle online transactions, the issue is now being pushed toward the top of the priority list. For companies competing in this changing world, taking steps to show they care about customers’ safety is extremely important.
Cybercrime has long been a global problem, causing as much as $600 billion in damage to the global economy every year. It’s been called “the greatest transfer of economic wealth in history,” and even before the pandemic started, cybercrime was the fastest-growing crime in the U.S.
Since the start of the pandemic, cybercrime has gone through the roof. The U.N. has reported a 600% jump in malicious emails since the crisis began and has estimated that a cyberattack occurs every 39 seconds. The number of phishing sites identified by Google more than tripled between January and March 2020, jumping from around 150,000 to more than 522,000.
Whether it’s malware, phishing, spear-phishing, identity theft, social media threats, or some other deceitful activity, cybercrime is a major concern for consumers and businesses alike. In this atmosphere of increased digital criminality, customers need to have confidence that the companies they are dealing with have full awareness of the problem and robust procedures to reduce its probability and address it if it happens.
Taking cybersecurity seriously, and being transparent about efforts to prevent and address cybercrime, are two of the most important things that businesses working online can do right now.
7 ways to improve your cybersecurity
Businesses can find many ways to address cybercrime — especially when it comes to payment safety. Start by developing a full list of the possibilities for cybercrime and an analysis of your systems to identify weaknesses. Then follow these tips to ensure you run a tight ship.
1. Coach your staff to be skeptical and vigilant
Help them keep a weather eye out for phishing emails and websites. There are some trademark tells for these types of fraud, such as misspellings, wonky-looking graphics, urgent or threatening language, suspicious attachments, and requests to click on a link. Tell staff to type in the URL or search for information from trusted websites instead of clicking any links.
2. Provide clear security protocols and training to staff
Make sure that your policies are laid out explicitly and that staff know how to implement them while working from home. Require staff to change their passwords regularly, install updates and patches promptly, and use a virtual private network (VPN) to connect to work systems remotely.
3. Use an address verification system (AVS) for online payments
AVS helps make transacting more secure and reduces fraud by verifying each customer’s billing address with the cardholder’s issuing bank. This option is most secure when used in combination with CVV2 verification, which makes customers input the three- or four-digit code on the back of their credit card.
The perks from your business credit card can greatly benefit your company. Likewise, your customers may depend on their personal credit cards to manage their own finances. You want to ensure that you’re taking all the precautions needed to protect their, and your, interests.
4. Have a policy regarding duplicate channels of communications for sensitive data
If staff members need to transfer sensitive data or download files from emails, advise them to find a way to verify the origin or destination as legitimate before pressing “send” or “download.” For instance, contact the purported sender via message or phone to check that they sent the email, or inform the intended recipient that they are about to receive sensitive information.
5. Comply with Payment Card Industry Data Security Standards (PCI DSS)
PCI DSS sets out guidelines and best practices for receiving, transmitting, and storing card data. Following these guidelines will ensure that your customers are transacting as securely as possible and will give them peace of mind when doing business with you.
6. Supply a VPN for remote access
With many employees working from home, businesses need a secure way to access company records, files, and tools. Set up a secure VPN and make sure all your employees know how to use it.
7. Help employees better protect their Wi-Fi networks
Offer remote employees guidance over the phone to help them improve the passwords on their Wi-Fi routers. Make sure they understand that they must only use secured Wi-Fi networks to do company business.
With attackers looking for opportunities to take advantage of remote work arrangements and online transactions, companies need to ensure they are being more proactive than usual to avoid problems and maintain their customers’ trust.
4 steps to mitigate and respond to data breaches
There’s a possibility that you’ll experience cybercrime even if you put all the right protocols in place. If you think you may have been breached, follow these 4 steps.
1. Assess the damage
Assign information security employees to investigate the details of the breach: what information was compromised, what business functions were affected, and who the attacker may have been. The team should keep a written log of its findings and identify potential fixes as it assesses what went wrong.
2. Inform authorities
Notify your local police department about what happened, including salient details about how the criminals were able to obtain access. Also, inform the FBI and file a complaint with the Federal Trade Commission (FTC). Reach out even if the problem seems small; it may be a small part of a bigger pattern that authorities are watching.
3. Notify affected customers
If the breach has compromised customers’ information, notify them right away so they can take steps to protect themselves as best they can. However, clear this communication with law enforcement first so as to not interfere with an investigation.
4. Fix any weaknesses
After you’ve assessed the problem and communicated with the appropriate parties, it’s time to learn from what happened and make any necessary changes. Work with your information security team to figure out what improvements can prevent a similar breach in the future and whether the incident revealed any weaknesses that you should address.
With cybersecurity, it’s important to be proactive
With cybercrime rapidly on the rise, there’s a very good chance you’ll face some kind of threat — and even a successful breach — sometime in the coming months or years. Put as many policies and protocols in place as you can to prevent an intrusion, and map out ahead of time how you will respond if criminals test your defenses.