Study: Businesses lack policies for tackling cybercrime

The 2009 National Small Business Cybersecurity Study reported some disturbing findings concerning how small businesses view cybersecurity. Of almost 1,500 small businesses, a mere 28 percent have Internet security policies in place. Only 53 percent check to make sure their anti-virus and malware files and definitions are up to date. These are alarming statistics, especially for small business merchants that accept credit cards.

PCI security standards and your small business
"Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data," according to the 2009 National Small Business Cybersecurity Study. Many merchants who accept credit cards for purchases are in direct violation of four out of six PCI security standard principles based on the data from this study:

  • Build and maintain a secure network.
  • Maintain a vulnerability management program.
  • Regularly monitor and test networks.
  • Maintain an information security policy.

This also means that many of these merchants are violating rules set forth by American Express, Discover, MasterCard and Visa, the big four credit card companies.

Neglecting cybersecurity and your merchant account
Neglecting to monitor your cybersecurity puts not only your business at risk, but your merchant account provider as well. Both you and your merchant account provider have to answer for breaches in security when customer data is compromised or stolen. These breaches can result in numerous fines and even lawsuits brought by the Federal Deposit Insurance Corporation (FDIC) and Federal Trade Commission (FTC), two of the four government agencies that regulate merchant accounts. Your merchant account provider may drop you or be forced out of business if it is sued because of your lack of security.

Ways to improve your cybersecurity
Familiarize yourself with the PCI security standards for securing customer data. There are six principles with 12 requirements that must be met. The big four require all merchants who accept their brands to comply with these guidelines.

Following the guidelines that StaySafeOnline.org has established will also help you improve customer and employee data safety. The three guidelines are: assess your risk, monitor threats to your business, and draft and implement a cybersecurity plan. These guidelines will also help you stay compliant with PCI standards. Protect your business, its reputation and your merchant account by protecting customer and employee data.

Published: December 1, 2023
