The holiday season is gone, the new year is here and so are persistent cyber threats. Right now there is an effort to compromise businesses that are still swiping credit cards. If you run a business and you are not using EMV technology to process your credit card transactions, you are putting your business and your customers at risk.
EMV uses credit/debit cards with a chip and devices that can process payments made with chip cards. Many businesses have contracts with merchant services companies. This is a good time to ask them about your upgrade options so you can use EMV technology to process payments. Retailer Forever 21 was one of the latest to receive national media coverage for its failure to secure transactions across all stores. It’s such a simple thing to fix but the investment must be made. Now we have to deal with the new Meltdown and Spectre exploits.
As you ponder the possibilities of upgrading your credit card processing, ask yourself if you are Payment Card Industry Compliant. As a business owner who accepts credit card payments, you owe it to yourself and your clients to ensure that you are. There are cyber-liability insurance policies with provisions that protect businesses against compromised credit card transactions. Ask your commercial insurance provider about it. There are also merchant services providers that will assume the risk of your credit card transactions being compromised. You don’t want your customers to think you don’t care about their security.
Some of you may have received tech gifts over the holidays that may have vulnerabilities. If there is a default password on your new device, change it. It’s also a good idea to change the passwords on your online shopping accounts. Excluding video game consoles and smartphones, most internet-connected devices don’t prompt you to update your firmware.
What is firmware?
It is software that is embedded in hardware. We have recently experienced cyber attacks using the Mirai Worm that exploits internet devices that haven’t had the firmware updated. If you don’t know how to update your devices, get in touch with one of the many outstanding local IT support providers. There was a serious wireless network vulnerability that affected WPA2 wireless encryption during 2017. The fix for this is to update the firmware on your devices. There are many businesses still out there that have not taken care of that yet. The “WPA2 Krack” allows an attacker to get into your WPA2-protected wifi without knowing the wifi password. They just have to be in range of the wifi. This is dangerous, so if you haven’t resolved this yet, you should contact a professional IT company that can help.
Also, the beginning of a new year is a good time to change your passwords on all your accounts so that each account has a different password. The passwords should be complex and composed of random uppercase letters, lowercase letters, numbers and symbols.
How are you supposed to remember all those passwords?
Make use of password programs like LastPass, Dashlane or PasswordKeeper. And change your secret questions too. Don’t answer the mother’s-maiden-name question with your actual mother’s maiden name, because many people could know that. Change the answers to those questions to a long thread of random numbers, letters and symbols. There are a lot of businesses out there with simple passwords or that use the same passwords for different accounts. If an attacker gets access to one of your passwords, how many accounts are at risk?
Rodney Gullatte is owner of IT Firma Solutions. He can be reached at firstname.lastname@example.org.