After the turkey and pie, it is time to officially start holiday shopping. One shopping day that is particularly important – especially this year– is Small Business Saturday (SBS), which falls on the Saturday after Thanksgiving. It can easily get lost amidst the Black Friday and Cyber Monday hype, however it is a very important shopping day because it supports America’s small businesses. American Express started SBS in 2010 during the recession to help communities thrive during a difficult time. The shopping day continues to be successful – in 2019, nearly $20 billion was spent on SBS.
But hackers are paying keen attention to these highly lucrative shopping days and are poised to attack. According to findings from Generali Global Assistance’s fourth annual Holiday Shopping ID Theft survey, 2 in 3 consumers are concerned about data breaches during this year’s holiday shopping season; and nearly 4 in 5 will think twice before doing business with a breached retailer.
The key to protecting small and large businesses the holidays is not only to secure the perimeter – maintain firewalls, update patches – but to ensure that all payment and consumer data being entered into systems, whether face-to-face or online, is being encrypted and tokenized.
Hackers Target Small Businesses Too
With COVID hurting many small businesses, it is important to shop local this holiday season. American Express reported that 62% of small businesses said they that they need to see consumer spending return to pre-COVID levels by the end of 2020 in order to stay in business. When you shop local more money stays in the local economy, you create local jobs, and make your community a destination.
“Small Business Saturday is demonstrable proof of the big economic benefits of shopping small. Seven in ten adults are not just aware of the day but they are conscious of the positive impact local small businesses have in their communities,” said SBA Regional Administrator Steve Bulger, who oversees the federal agency’s operations in New York, New Jersey, Puerto Rico and the U.S. Virgin Islands.
When we think of data breaches, we think of the headline news-making incidents where millions of records are exposed by a big name brand.
However, the Verizon Business 2020 Data Breach Investigations Report (2020 DBIR) reports that almost a third, or about 28% of data breaches in 2020, involved small businesses. According to the DBIR, hackers are employing the same tricks on both small and large businesses. More consumer purchasing endpoints, the move to the cloud, a continued rise in social attacks and the sure in a remote workforce are all contributing factors to the rise in small business breaches. dividing line between small and large businesses is smaller today. The report attributes this to the movement toward the cloud and its numerous web-based tools, as well as the continued rise of social attacks.
Top threat actions continue to be:
- Spyware (Malware) 46%
- Capture stored data (Malware) 34%
- Brute force (Hacking) 34%
- Use of stolen creds (Hacking) 30%
- Export data (Malware) 29%
Unfortunately, the holidays are a perfect time for hackers to come out of the woodwork and look for victims. But there are simple preventive measures that small businesses can take to protect their systems, networks and shoppers.
- Secure Wifi networks – Secure, hide, and encrypt the workplace WiFi network.
- Update passwords – Passwords should be updated every three months and should be strong, using a combination of letters, numbers and symbols.
- Train employees – Hackers will use employee vulnerabilities to gain access to sensitive systems. Yet a GetApp survey found that 43% of employees do not receive regular data security training, and 8% have never received any training at all. For example, an unsuspecting employee could be sent a phishing email or be tricked into providing a scammer sensitive company information that could give the hacker access to the companies’ system.
- Control physical access to your computers and create user accounts for each employee – Company computers should be locked when not in use, and an account should be created for each member of the staff. Trusted IT members and key personnel should be given administrative privileges.
- Protect computers, networks, and information – Download suggested security patches and programs, keep the machines clean, and run anti-virus software daily.
- Practice your incident response plan – Even with the best efforts, companies might still suffer a data breach; knowing how to handle the fall-out is key to surviving a breach.
The Key to Data Protection – “Devaluing the Data”
Bluefin is a staunch advocate of devaluing all data and employing a holistic payment security approach, which includes EMV, P2PE and tokenization. “Devaluing the data” simply means rendering PII, PHI and payment data useless by encrypting or tokenizing it upon entry, whether at the point-of-sale (POS) or online. While there are many ways that companies should – and need to – shore up their systems, hackers could still find a way in.
Thus, if they do get in, with a devalue the data approach – they will find nothing of value. If companies, whether small or large, do not encrypt and tokenize their consumer data, they face high fines, millions in potential lawsuits, and irreparable brand damage which will cause many to go out of businesses.
Bluefin is a leader in providing simple, easy to implement paym and data security products for today’s omni-channel SMB, including mobile, retail, unattended, call center and Ecommerce solutions backed by our PCI-validated Point-to-Point Encryption (P2PE) and ShieldConex technologies – helping to protect all in-person and online transactions this holiday season.
Follow @shopsmall on Instagram to keep up with all the latest #ShopSmall news and events.