According to the Industry Census by NAMA, the Convenience Service industry is a $25 billion industry and MicroMarkets account for $1 billion of that total. That means that there are a lot of transactions running through your markets daily (roughly 161 every day!), and your customers are trusting you with some of their most valuable information: their credit/debit card data.
In 2016, reported data breaches increased by 40% (IdentityForce) and 2017 has been even messier. Companies from every industry have faced cyber attacks, including FAFSA, Verizon, Uber and the big one, Equifax. These are big companies and their popularity opens them up for attacks. That also means they have the resources respond quickly and effectively to such attacks and set up preventative measures.
During this year’s Coffee, Tea and Water show, Dr. Michael Kasavana , MSU/NAMA Endowed Professor Emeritus, moderated a panel discussion entitled, Protecting Your Business from a Cyber Threat, featuring: Chris Bucolo, MBA, PCIP, Director, Market Strategy, ControlScan, Inc., John Hickey, Success Consultant and Internet Marketing Consultant, Tech 2 Success, Jon Harris, Vice President, Cyber Security, Compass North America and John Reilly, President, Avanti Markets. Together, they discussed data security best practices.
1. Prevention
Your doctor will tell you to get regular physicals in order to catch potential health concerns before they become a life-threatening illness. The same concept applies to data security. Invest in prevention strategies, including:
- Network penetration testing
- Web application penetration testing
- Third-party service provider testing
These prevention strategies will enable you to test your systems to find vulnerabilities within your network as well as ensure that your staff is implementing safe data security practices and can identify potential hacker attempts (does that email look weird to you?).
2. Detection
Detecting a data breach is much different than detecting physical breaking and entering. According to NAMA, many data breaches go undetected for six months. Without the budget of some of the bigger companies mentioned above, implementing a quality, yet cost-effective defense strategy can seem daunting, however, there are techniques that can be implemented with a restricted budget. It is recommended that you:
- Implement endpoint security to safeguard the network perimeter
- Install a firewall to combat unwanted treats/intrusions (IDS/UTM)
- Contract a vulnerability management provider for system testing
- Implement a strict log management (responsibility tracking)
- Test network, web, and third-party application penetration
3. Recovery
In the case of a data breach, it is important that you respond quickly and communicate openly. NAMA recommends:
- Developing a well documented and communicated incident response plan. Remember to review it regularly to ensure that all tasks are properly assigned.
- Limiting data exposure by eliminating “external access from outsiders.” Do not, however, cut the power to the network as that could impede the recovery plan.
- Notifying business partners.
- Managing third-party service providers.
- Communicating with outside entities such as law enforcement and regulatory agencies.
- Determining if cybersecurity insurance coverage is “in place and applies to the current situation. NAMA goes on to say that, “A class action suit[s] can result from a significant breach.”
Cybersecurity should be a key aspect of your business plan going into the new year. There are cost-effective ways to protect your business' and your customers' data. Contact your technology provider to learn more about the data security measures that they already have in place, and how you can best leverage them.
