Wednesday, April 22, 2015

Why Data Security Concerns Small Businesses

Why Data Security Should Concern Small Businesses (and All Businesses, Really)



Given the culture of mainstream data security breaches we’ve been unwittingly thrust into beginning in about 2013, I think it goes without saying that PCI compliance is vitally important, not just in the world of payment processing, but in the world of business in general.

Oh, PCI compliance… I’m talking about that item that never fails to pop up on your credit card processing statement.  It’s that one thing you’re always billed for, no matter whether it’s in the positive (PCI compliance fee) or the negative (PCI noncompliance fee).  Funny little line item it is.
For some business owners, that’s all it will ever be – another annoying, unexplained little line item in an entire world of more pressing business issues.  Maybe something a bit like car insurance – an expense whose worthiness won’t be proven until the day of a catastrophic, metal-twisting wreck.  As a business owner, does a data security breach as you grow your business really concern someone like you?  Or, is this just a game the giants play while anyone smaller than Goliath watches from the bleachers?

Lately, all signs seem to say that yes, business owners – even small business owners – ought to be quite concerned with data security breaches.  Breaches are actually down worldwide from two years ago, but, as our buying culture moves slowly but surely to credit from cash (and our general habits from physical to online), fraudsters and hackers see the channel as a very viable road to profit.  Although PCI noncompliance is just one cause of data security breaches, taking a look at compliance and general payment security pointers can benefit all business owners, as security flaws are usually extremely correctable.

This piece isn’t meant to alarm you; instead, it’s more of a wake-up call for businesses who’ve relegated PCI compliance to the back burner – or, didn’t put it on the stove at all.  Better at least cover that pot if you’re keeping it out overnight.

So, what is PCI compliance, then?



Basically, it’s the security of credit card information – that is, how safe you’re keeping it when and if you’re storing it.

Some aspects of PCI compliance are thoroughly under your control.  For example, when faced with the decision of whether or not to copy down a customer’s credit card number to enter into your accounting system or credit card terminal later, you can choose not to, knowing well that paper trails, even destroyed ones, can increase your fraud liability.

And, other aspects are thoroughly out of your control.  For example, you may be using a payment processing program that keeps unprotected credit card information stored on your business’ server (and, though it sounds crazy, there are programs that do just that).

Do you have a Target (or a Home Depot) on your back?



It’s an unfortunate circumstance of today’s media coverage that the big guys get most (if not all) of the attention, while the little guys get next-to-nothing.  Contrary to what you may have heard, small businesses are a favorite target for hackers.  This white paper shows that 70% of all reported data security breaches happen in small businesses – a truly incredible, harrowing statistic, telling a much different story than the one you’d understand by only reading headlines. 

The headline stories make sense; compared to the enormity of the Target and Home Depot data breaches, the small business ones are…well, quite small.  Though they may be small enough to dip underneath the radar completely, they’re certainly a big story to the business owners they affect.

Data breaches can be murder



I don’t mean for you as a person, obviously.  But, to your business?  That’s a yes.  The National Cyber Security Alliance stated in a report that when a small business is hacked and has its customers’ information compromised, it has a 60% chance of closing its doors within six months of the attack.
When you look at that statistic in tandem with the aforementioned one about how 70% of all reported data breaches occur in small businesses, it’s not quite a death sentence for small businesses – but, it’s close.

Especially in our age, hackers and fraudsters are more skilled than ever before, and they’re very aware of the fact that small business owners think they’re too small to be viable targets for information breaches.  Incidentally, those businesses are also too small to be seen by most anyone when they’re broken into, so nobody ever thinks to change their own security tactics until after the fact.

Don’t be the next unseen statistic



You don’t have to be another story nobody hears about.  Now that you know about all this negativity, you’ll be quite pleased to know it’s not difficult at all to protect yourself from invisible hackers and others who don’t have your best interests in mind.

Regardless of security breaches caused by hackers, it’s pretty easy for anyone to straighten out a rumpled piece of paper you used to copy down someone’s credit card number.  Indeed, this isn’t what most people think of when they hear the term “data breach,” but if anyone recovers that trashed piece of paper you used, you’ll be liable for any consequences that may arise just the same.  Just resist the urge to engage in that practice, and, if you’ve absolutely needed to do so in the past (for business procedures, direct orders, or any other reason), it may be time to revise standard procedure.

Additionally, if you use a computer-based credit card processing system that stores full, unprotected credit card numbers on your own server (read: is not PCI compliant), it’s time to look into an updated solution, something that fits today’s security standards.  Solutions that employ tokenization technology, for example, replace sensitive data with strings of random numbers when in storage, so anyone who successfully breaks into a server storing the information doesn’t get anything worthwhile - only garbled strings of characters.

If you used a cloud-based processing system, for example, you wouldn’t be liable for a data compromise the same way you would if you used something that stored information on your own servers.  If you aren’t sure about the status of your own processing system (for example, where it stores information, whether or not it’s even cloud-based), it never hurts to ask your credit card processor or search for reviews of the product you use that relate to PCI compliance and data security in general.


So, what is the value of PCI compliance to small businesses?  It’s much more than a little line item on your statement; the very survival of many businesses depends on it.  Be absolutely sure your own business maintains PCI compliance to avoid any potential pitfalls, and rest easy knowing that your customers’ payment records are safe because of something you did for your business.  Because, as a small business owner, you’ve got a lot more to pore over than fretting about losing your business because of an entirely avoidable data security lapse.

Thursday, April 16, 2015

There’s a New Payments Advocate in Town – and it’s the Government!

They've formed something called the CPTC - and, the PIC.  


But... What do they do?


If you follow this blog, you know I’m all about electronic payments.  But, I’ll bet you didn’t know that as of a month ago, the government is all about electronic payments, too!

It’s true.  On March 19th, Washington issued a press release announcing the formation of a new discussion group, the bipartisan Congressional Payments Technology Caucus (CPTC).  The bipartisan caucus, headed by four US Representatives, will discuss how innovations in payment technology affect all consumers, especially the segment of consumers who aren’t tied to any physical bank, as well as data security.

As well, on April 9th, four US Senators formed the bipartisan Payments Innovation Caucus (PIC).  Like the CPTC, the PIC will explore data security trends, general payment innovations, and how those innovations protect consumers.

Both the CPTC and the PIC exist not only to foster discussion among congressmen, but to spread awareness of payments technology issues and, in doing so, move contents of the discussions onto the appropriate law-making forums.


What does this mean?


I say it’s about time Congress got on board with electronic payments.  I guess after years of silently developing a hold on our collective hearts, first with simple credit cards, then with mobile payments and digital wallets - and then breaking many of them with those nasty data breaches - someone had to take notice.

It’s a very good thing, because according to an article from Senator Gary Peters (D-MI), a staggering 70% of consumer spending happens electronically (although the difference between card payments and ACH transactions isn’t specified).  He says that by 2017, consumers will be spending $7.3 trillion per year electronically.  (For more stats on current usage as well as the advancement of payment security in general, you can check out this white paper, Payment Security and Beyond in 2015.)


So, does this mean law-makers will take action that involves credit card payments and data security?  Will the government’s involvement in payments mean more support for small businesses?  A global shift in credit card processing costs?  All things remain to be seen, and, since we’re talking about a government operation, we can expect a snail’s pace.  But, it’s something.

Tuesday, April 14, 2015

Which is Worse: A Damaged Reputation or the Loss of a Key Employee?



It’s an interesting juxtaposition.

Would your company suffer more from the loss of a key employee – someone who hits his numbers every month, has an exemplary track record with his clients, or whose visionary ideas helped shape the company – or from a tarnished reputation brought on by an unforgivable social gaffe or, worse, a data breach revealing the personal information of countless customers?

In order to examine this fully, we’ll need to break it down into smaller pieces: The benefits of having a top-of-class employee working for you, and the negative effects of losing such a person in your workforce.  And, we’ll need to look at the payoff of having a great reputation versus the deleterious effects of having a bad one.

Benefits Brought by a Key Employee




Having a good employee at your disposal obviously carries a string of benefits. 

The work he’s assigned gets done, and, not just that – it’s meaningful to the company, so it ends up bringing in appreciable revenue, revenue which certainly would not have arrived if that employee hadn’t contributed his work. 

Having such an employee can also mean entirely new ideas for your company, from website tweaks that positively affect traffic and search engine ranking to an entirely new, successful product line. 
The possibilities are great.

Bad Effects of Losing that Key Employee


Conversely, what happens when that same employee that created all the extra revenue and had ideas no one else could muster ends up leaving your company?

Certainly you can ride on his ghostly laurels for a time.  But, after that time, you’ll start to see a decrease in revenue because the production that key employee brought to the table simply isn’t there.
 
In time, after the key employee leaves, you might have some vestigial remains of his handiwork (such as that tweaked website you’ve told his successor not to touch) or the new product line that someone else oversees, but you won’t get the innovation back.

In short, you’ll return close to the productivity and revenue levels you were at before.  Your current clients might not notice much – maybe a different voice on the phone – but, you will.

Benefits Earned by a Great Reputation


Good reputation, on the other hand, can be thought of as something that happens when you have a good employee working for you. 

You garner a good reputation when someone visits the website that your star employee helped revamp and has a much easier time checking out and paying for his order.  He might tell his friends how easy it was, and he might even mention how you seem to have diversified your product lines, too.  He might write a review on Yelp, for that matter.  But, the principle is the same.  Good reputation comes from people saying good things about you.

The good thing about good reputation is it outlasts your star employees.  Whereas your influx of keen ideas might slow to a halt if your star producer leaves, people will remember how they felt when they read his work, when they surfed on his website, or when they bought the products he conceived of.  And, they’ll come back for more.

Negative Effects of a Bad Reputation




And, conversely, as good as the effects of a sparkling reputation can be, the effects of a lousy one can be exactly as bad.  And, usually worse. 

You might inadvertently plant a seed of bad reputation by making a faux pas at a large social gathering for your business.  By comparison, you might plant a sequoia grove by inadvertently compromising your customers’ data in a data breach.

Now, we’ve all read negative reviews on Yelp.  Those reviews are the ones that seem to stick the most, and the ones that seem to arouse the most passion.  Without going into the psychology behind it, let it suffice to say bad reputation is a much bigger worry than good reputation is a boon.  Whereas people interpret your good reputation to mean you’ve done mostly good things, people usually interpret a bad reputation to mean anyone’s given experience with you will be unequivocally bad.  No bones about it.

What’s more, a good reputation can easily shift to bad, but a bad reputation has a much harder time turning over to good once more.  A bad reputation outlasts your star employees and your bad apples, too.

So, Which is Worse?  Losing a Key Employee or a Damaged Reputation?




After reading this article, hopefully the answer is clear as day. 

Losing an essential employee might look bad on paper, but you’ll not only retain a good deal of his innovations (in some cases), but you won’t be thought of negatively just because of his loss.  You might be thought of…not quite as well.  But, not badly.

If your reputation’s tarnished, though, forget about it.

Negative reviews on Yelp live on forever, and people glom onto those juicy, bad stories much more than they do positive ones.  I mean, what captivates us when we read books?  See movies?

It’s the conflict.  It excites us.  We can use it to our advantage, of course (for example, avoiding a place that has horrid reviews on Yelp), but that doesn’t change the fact that we’re drawn to it.
That’s just how it is.

How Can You Protect Yourself?


Believe it or not, this article shouldn’t read like a death sentence.  It’s very possible to garner a good reputation and keep it that way.  You just have to be smart.

If that means calculating more heavily what you say in social situations, so be it.  If it means turning the other cheek when someone calls you a name instead of flying off the handle, you can handle it.  If it means investing time into looking into a tokenized security solution - or any number of other data security measures -  for your customers’ secure information, it’s worth looking into.

Monday, April 6, 2015

How Much Money Do Your Customers Owe You?

Dealing with someone who won’t pay you has got to be one of the worst feelings ever.

The money they owe you rightfully belongs to you, and yet you still have to be tactful about asking for it.  And, even then, after all necessary niceties (and more threatening remarks, I’m sure), 1 in 4 business owners still have trouble collecting payments from customers.  Adding insult to injury, a YouGov survey showed that in 2013, 11% of business owners nearly had to close their doors because of issues with late or missing payments.  Not only is the issue of late payments pervasive – it’s also potentially deadly (for businesses).



Something You Probably Knew Already

Of course I don’t need to sit here and tell you collecting money that’s yours is important.  A dollar you earn now is a dollar you can use to fulfill all kinds of needs, from stashing it in an interest-bearing account to reinvesting it in your business – and, none of that’s possible if you aren’t being paid on time.  It follows, too, that if enough of your clients take too long to pay you for the goods or services you sold them, you may have to close your business; this not only makes logical sense, but the aforementioned study proves it as well.





And, Something You Probably Didn’t Realize

One thing you probably hadn’t considered was that when you have accountants pounding the phones just to squeeze a few dollars out of your deadbeat customers, it not only stresses them out for a marginal (or nonexistent) return, but it takes them away from the things they really need to be doing, like compiling reports or collecting payments from people who are calling you.  So, the negative effect of dealing with people who won’t pay is actually twofold: You lose productivity when you call an emergency “fundraising” session, and, there’s no guarantee you’ll actually recover the money you’re owed.


Given All That, What Do You Do?


It can be extremely stressful dealing with this kind of situation.  This article on avoiding late payments from clients details five different ways to either convince your worst customers to pay up or prevent the very situations that result in delinquent payments, like unclear business terms or lack of an electronic, integrated credit card processing system.