We’ve all heard about the data breaches that have taken place at some of our nation’s biggest businesses — T.J. Maxx, Target, P.F. Chang’s and Home Depot. These are huge companies that had their customer data compromised by criminal hackers and, as a result, incurred mind-boggling fines. But what about smaller businesses? They aren’t as prone to hackers as the big guys, are they?
Actually, more than you would like to think. These companies mentioned above have large budgets for an in-house staff of IT folks who are there to manage and protect the entire technology infrastructure including payment transactions. Small businesses, like your restaurant, are busy focusing on what they know how to do best — serving fantastic meals that make customers happy — and may not take the time to think about things such as their network or dedicated servers or firewalls. Criminals know this and that’s scary …
In fact, according to the credit card companies, small businesses including independent restaurants are the number one targets of criminals. Your small budget makes it difficult for your IT department or, more likely, a third-party consultant to upgrade your equipment. This means that you may not be using the latest standards for data security that have been enacted by the Payment Card Industry (PCI).
Your restaurant, along with every other business, is required to meet PCI’s new Data Security Standards known as “v3.2” that became mandatory on October 31, 2016. The standards require time, money and expertise to implement. But remember, the cost of compliance is less than the cost of a data breach. You can’t afford the financial penalties, loss of revenue and potential lawsuits that can result from a breach.
So what do you do? According to the Restaurant Solutions Providers Association (RSPA), here are some tips for becoming and remaining PCI compliant:
- Make sure your POS system has a firewall if it has Internet connectivity.
- Be certain that your patches are up-to-date.
- Antivirus software must be in place.
- Change passwords often. If you don’t have a password, create one and use it.
- Turn off remote access when it isn’t needed.
- Stay educated.
- Contact your POS provider to see what exactly you are storing on your system. If you don’t need it, don’t store it.
For more tips, please visit the PCI Security Standards Council’s website.
So, what will a data breach cost you? The short answer is everything. You don’t know how much it can hurt your business until it happens … and then it’s too late.