Photo by Nahel Abdul Hadi on Unsplash

Verizon’s 2019 Data Breach Investigations Report shows that over 40% of global cyberattacks are on small businesses. It’s not just the businesses’ financial futures that are at risk, but the customers’ too – from payment data to names and contact info.

Small businesses can consider the following strategies to keep their customers’ data safe.

Three points encryption.                        

Encryption essentially scrambles data so that it’s unreadable when viewed by persons without the encryption key. Small businesses, especially e-commerce sites should be encrypting customer data at all three points – at rest, in motion and in use.  They can get encryption expertise or support from companies that provide point-to-point encryption and tokenization technology, like Elavon.

Train employees.

Train employees about the best cybersecurity practices. These best practices include establishing policies employees must abide by, including guidelines for cash handling, and for storing and destroying paper documents containing personal information.

Require strong passwords for customers.

The first step is to implement a password process that requires unique characters and capitalization. Another step is multifactor authentication which combines two or more independent credentials such as a person’s password, a security token sent via text message or a temporary code provided through an application and/or biometric verification.

Systems are up-to-date and applications are patched.

Software updates ensure that systems and applications are up-to-date and patched because criminals are constantly discovering weaknesses in software and systems. Businesses need a good e-commerce website manager who can keep the site up-to-date, end-to-end, and ensure third-party applications are safe—for example, Magecart.” The website manager could be a vendor or independent contractor to perform regular reviews and updates.

Follow best practices for application security.

Businesses should take proactive steps to protect customer data. They may need the services of a trained developer to assess what good application security practices are applicable to the business and how to maintain them. According to Phil Agcaoili, senior vice president at Elavon, “Early awareness and preventive measures important to addressing cybersecurity risks for businesses.