A Wall Street Journal article, Hackers Shift Attacks to Small Firms, has many more people paying attention to security issues, and for those of us in the security industry, we welcome the shift in attitude. As a security provider, we constantly have to answer the question, "Why should someone as small as me take security seriously?" Before this article, we had to site our own experiences with helping small merchants who came to us after they had been breached. Due to our confidentiality agreements, and the interest of our customers, we rarely have been able to discuss details with other small merchants who were vulnerable. This article is a welcome sight to those of us in the trenches who are trying to spread the word that computer hackers are real and that they love small businesses. On the whole, few businesses are more vulnerable than small QSR and fast casual restaurants for the following reasons:
When you put all of this together, you could not ask for a better target if you were a hacker looking to steal credit cards. Theft is a business to cyber crooks. They want the most return for the least amount of effort, so the educated merchant does what is necessary to make his location less attractive to on-line thieves.
One source that merchants can used as a guide is the Payment Card Industry Data Security Standard (PCI), which is the minimum security the credit card brands expect from a merchant who accepts credit cards. The current standard can be found at The PCI Security Standards Council's web site. In PCI, a merchant can find several security measures designed to deter hackers from attempting to steal their credit card data. Even if a mom-and-pop restaurant cannot meet all PCI standards, it would be better to implement the security measures that are practical today, than to ignore the problem altogether. While it is important for every business to become fully PCI complaint, the first goal for any security plan it to make your business difficult to break into, so a thief will move down the road and hit an easier target.
Slowly but surely, more businesses are getting the message – Acting now is better than being a victim in the future.
Topics: Loss Prevention