The holiday season brings joy, festivity, stress and a range of other emotions. It also brings added security risks.
Business picks up in many industries and sales increase, while employees find themselves distracted and starved for time. Maybe you’re also bringing in seasonal employees who are not familiar with your data security procedures, which further increases risk.
Consider the following stats:
- Identity fraud hit a record high of $15.4 million U.S. victims in 2016, up 16 percent from the year prior.
- In 2016, fraud attempts spiked 31 percent during the holiday season while successful fraudulent transactions grew 16 percent.
- Card-not-present (CNP) fraud grew dramatically in 2016, increasing by 40 percent, meaning scammers are increasingly getting their data from online sources.
It’s important to protect yourself as a consumer during the holiday season, but it’s just as crucial to protect the integrity of your business data and the customer information you collect.
Whether you’re a hospitality company, a retailer, a manufacturing operation or an investment firm, these universal safety measures will greatly reduce the risk of a devastating breach.
Use A Credit Card, Not a Debit Card
Use a credit card for business purchases and payments whenever possible. It’s much faster and easier to have fraudulent charges removed from credit cards – most of which do not hold customers liable for fraud – than to get a reimbursement from your bank. If you can, stick to using a single credit card, rather than many. It’s easier to keep track of charges and quickly spot suspicious transactions this way.
Check Online Accounts Frequently
Don’t expect your bank or credit card to do the work for you. Sure, most will alert customers or deny a transaction when something seems amiss, but fraudulent charges sometimes do fall through the cracks.
Check your online credit card and banking accounts frequently, and make sure you’re reviewing every transaction. Call your credit card company or bank right away to report any purchase you didn’t make. Thieves often start with very small transactions that you’re less likely to notice, so no amount is too small to scrutinize.
Promote Cyber Security Awareness
As we’ve talked about in other blogs, your own employees are more likely to cause a data breach than outside hackers. In the vast majority of cases, the breach is entirely accidental. An employee might fall for phishing scam or send confidential data to the wrong person.
Cyber security awareness campaigns and training programs go a long way toward preventing these incidents, particularly if you set measurable and enforceable goals and reward employees for compliance.
Use Employee Monitoring Software
Employee tracking tools allow company owners and leaders to manage insider risks due to employee error or, in very rare cases, malicious intent. Website tracking software automates the process of:
- Analyzing trends in employee behavior to determine which policies are being violated and which employees are most risky to the organization
- Writing rules that react to risky behavior, such as blocking certain emails from going out or preventing sensitive documents from being printed
- Recording, logging and monitoring all employee activity – work sessions can be played back like a video
If you go this route, it’s best to be upfront with employees about what you’re doing, and why. Otherwise, they might think you’re being overbearing or Big Brotherish. Explain that tracking is not a punishment – it’s a line of defense against accidental data breaches that can seriously hurt the company and jeopardize job security.
Don’t Store Sensitive Info on Vendor or Retail Sites
Whether you’re hiring a catering company for an event or reordering office supplies, resist the temptation to store passwords and credit card information with outside sites. If that vendor or retail site falls victim to a breach, your information will be compromised, too. Entering your information each time is less convenient but much safer.
Storing passwords and credit card information on your own office computers is also risky. If hackers gain access to your network, they have everything they need to make fraudulent purchases. The best way to keep track of usernames and passwords is old-school pen and paper. Make a list and store it in a secure place – ideally under lock and key.
Protect Your Devices
Always make sure your security features and software are up-to-date, and that your devices are free from malware or spyware. This applies not only to desktops and laptops, but to smartphones and tablets.
If you don’t have a mobile device management (MDM) policy in place, we strongly urge you to create one. Are employees allowed to conduct business using their personal devices or only with company-issued devices? If personal devices are allowed, will you require security software to be installed? Which apps can be used? Can internal documents and programs be accessed through mobile devices?
Finally, make sure all laptops, tablets and smartphones used for business purposes are set to auto-lock and protected with a strong password. That way if they’re lost, thieves can’t access sensitive data.