Data has become one of the most valuable commodities on the market today (and the dark web), even more than the value of oil. Not just for insights into consumers for marketing means, but for cyber criminals too. The sheer value of a company’s data makes unsecured data the most sought after commodity for cyber criminals, and subsequently the fact that most SMBs do not take cybersecurity seriously also means it has become the #1 security threat to local small businesses.

Lack of data security efforts in SMBs makes cybersecurity the #1 security threat.

Despite this fact, 60% of small and medium sized businesses do not have adequate cybersecurity strategies in place nor any kind of response action plan for when it does inevitably happen. Sometimes business owners think that cyber-criminals aren’t interested in their business. Maybe they believe that they are too small to get noticed. Cyber criminals are interested in all types of valuable data. It is all too common for organizations to hold a mindset that if they are not collecting and storing sensitive information such as the information that businesses in the health and financial sectors would that they are not necessarily at risk. But the reality is that’s exactly who they tend to prey on for that exact reason. These small and medium sized companies are easy targets because they don’t tend to take many extra precautions.

And, it is not only data the criminals are looking for.  They are also capable of intercepting payments. There are many reasons cyber criminals would target a smaller company. Besides weak security measures, they also tend to be in direct contact with suppliers. Because of this more intimate communication criminals are able to breach the WiFi networks and weasle their way into unsuspected pathways. One way, for example, is to intercept an email invoice requesting payment- the hacker is able to manipulate the information in the email and replace the account number for the deposit with their own, thereby effectively stealing a businesses payments.

This “it won’t happen to us” mentality leads to a huge problem considering the costs involved with being victim of a cyber attack can actually put a small company out of business. In addition to monetary costs, being the victim of a cybersecurity attack can significantly undermine the view of trust consumers have in a company, having a lasting effect on brand and customer loyalty crippling their reputation for years. 

Small and medium sized businesses can no longer continue operating under a false sense of security believing that they are flying under the radar. Implementing strategies aimed at the management and reduction of cybersecurity risk, the use of security standards and implementation of Best Practices allows SMBs to join the fight against cyber crime. It is not as hard as it may seem.


Some cybersecurity steps small business owners can take easily and immediately:


  • Audit your company’s current security measures and identify where there are weaknesses. The National Institute of Standards and Technology offers their Cybersecurity Framework as a tool to allow business owners perform an assessment and then, “based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk”. 


  • Decide what exactly you have that would be at risk. Is it customer data, employee records, payment information or intellectual property or all of the above? 


  • Decide what security measures can be handled in house and what might need to outsource to a third party.


  • Start with your employees: Training and education can go a long way to help employees understand the potential of cyber attack and recognize the common signs associated with different types of potential attacks. Empower them to adopt a healthy dose of skepticism and to just be more aware. Increase security through insisting on strong passwords. Sometimes security breaches can be unintentionally facilitated by reckless employee behavior. Empower employees to feel like an active member of the security team.


  • Do even have someone in charge of cybersecurity? Assign a specific team member the task of being in charge of all cyber security efforts. Make sure that they are able to communicate and coordinate with the various departments, team members and employees.


  • Technology such as artificial intelligence and machine learning should be employed to help create resilience from cyber attacks. There are simple tools available that can be used to scan through code and pinpoint weak code in order to protect against hackers browsing the internet from getting in through these weak code areas.


  • Make sure your WiFi is not only secure but that you are also utilizing intrusion detection software that is regularly updated to detect any possible intruder before they intercept valuable information. Keep your website safe by using software such as a website scanner designed to detect and automatically remove website malware and the installation of a web application firewall (WAF) helps to only allow safe traffic through.


  • Don’t only rely on antivirus software to keep your data safe. Firewalls, encryption software and two-step authentication should be employed as well, along with endpoint security systems and third party or cloud data back-up solutions.

The best way to empower your business to survive a cyber attack is to catch the incident at its inception and respond swiftly before too much damage is done. As we forge into the future of a digital world SMBs will need to decide to be more proactive despite a future looming with cyber threats. 

At Bankcard Brokers, we take the security of our clients and their patrons data very seriously. We hope you found this informational article educational and are inspired to take a closer look into your own security efforts. If you are interested in merchant services, payment gateways or security solutions, don’t hesitate to give us a call today. 

“Experience the Bankcard Brokers Difference!”