You’re making a list and checking it twice: wrap the gifts, stock the eggnog, send out the greeting cards, and train employees in Payment Card Industry (PCI) compliance. That’s right, don’t forget to add some cyber security measures during the holidays to ensure you’re protected against a breach. A 2018 Juniper Research study estimates that cybercriminals will steal 33 billion records in 2023 and that 12 billion records have likely been swiped in 2018.
On the retail side, the holiday rush can introduce vulnerabilities: hackers might target offices simply because staff are busier during the holidays and less likely to notice an anomaly.
How can you be prepared to fight off attacks during the holidays? Here are a few suggestions:
Train your employees. Many breaches occur because of employee errors, or because employees are simply not aware of the risk of opening an email they weren’t expecting. When you hold your cyber security training, begin by educating employees on the crucial role they play in protecting your data and systems.
- Discuss the qualities of a phishing email, which may include urgent language or may arrive from a sender the employee wasn’t expecting to hear from. Provide detailed instructions on how to handle a phishing email.
- Talk about the phone version of phishing, in which a caller might impersonate a financial institution and request PIN numbers or other details.
- If you work in an industry like financial services or healthcare, talk about the role of compliance and the impact of a penalty or fine on the business, in addition to the specific rules that apply to your business.
- Don’t forget about seasonal employees. If you work in retail, it’s likely that you staff your locations with additional help, but don’t shortchange these employees in terms of cyber security training.
- Dedicate some training time specifically to PCI compliance with these four steps:
  - Teach employees to visually inspect point of sale (POS) equipment at the start of the day or their shift.
  - Keep employee-only areas locked so that customers aren’t able to access any other equipment.
  - If a shopper inadvertently leaves a credit card behind, protect their information by locking the card in a safe.
  - Give employees clear instructions about how they should handle the situation if they notice an unfamiliar device or suspect tampering with the equipment.
- Conduct training at least twice a year, and rather than covering the entire spectrum of cyber security topics, think about discussing three topics at each training.
- Review training materials every 90 days to determine what may need to be added or refined to keep employees up to date.
Create smart policies for cyber security. From password policies that require employees to change their password every three months with a combination of letters, numbers, and special characters, to making cyber security training absolutely mandatory, there’s a lot you can do to protect your business.
Be sure to have an incident response plan and practice it so that when – not if – you have a breach, you are immediately ready to take action.
The holidays are a particularly vulnerable time for businesses in regard to cyber security. For more information about protecting your data and systems, contact us at Effortless. We can help you develop a comprehensive security strategy.