While customer experience is top of mind for Canadian small business owners, data security has become somewhat of an afterthought, leaving both companies and consumers open to attacks.
A new Maru/Matchbook survey conducted on behalf of Moneris shows that more than two-thirds (67 per cent) of small- and medium-sized businesses (SMBs) have yet to conduct a data security audit, and most (70 per cent) have no data security protocols in place. This is especially concerning when you consider almost all businesses have some form of online presence today. Whether it’s a website, customer loyalty program or backend systems on the cloud, even the smallest of companies are connected to the Internet. And the more digital a business is, the more exposed it is to potential risk.
So, why aren’t small businesses protecting themselves and their customers? Let’s debunk some of the most common apprehensions SMBs have about implementing security protocols:
“My business is too small”
Make no mistake — cyber criminals always take the path of least resistance. They’ll try a lot of doors and see which ones open. In fact, small companies are at especially high risk for phishing attacks, according to Canadian cyber security experts.
For this reason, it’s imperative for business owners to educate employees to ensure they’re not clicking on random links sent to their work email. You also can’t afford to ignore a security update, especially if it’s for an inventory system or other software that connects to a payment module. Once an intruder gets on your network, your entire business is exposed.
“Data security is too expensive”
Not unlike doing routine maintenance on your car, investing in prevention usually costs less in the long run. “Expensive” is relative to each individual business owner, but a data breach can be incredibly costly to clean up after the fact. Not only could you be legally exposed to financial consequences if unauthorized parties gain access to your private customer data, the damage to your business’ reputation could be devastating.
To the credit of SMBs, Moneris has seen an increase in the number of merchants who are implementing products and tools to keep their businesses safe. These are small business owners who understand the danger of falling behind. There’s an old saying: “You don’t have to run faster than the bear to get away. You just have to run faster than the person next to you.” If you’re sluggish to solidify your data security, you risk being the slowest runner not because you have slowed down, but because others have sped up.
When it comes to data security, it’s also important to remember that you don’t always have to invest in elaborate, cutting-edge data security systems to protect your business. Rather, you need to take changes in your environment into account and make regular investments to maintain reasonable protection measures.
“I have no idea where to start”
Technology changes quickly and entrepreneurs are always stretched for time, so it’s no surprise many SMBs procrastinate when it comes to data security. But it’s also no excuse. Once you have customer data of any kind in your possession, it is your responsibility to hold it in a secure way. The first step is to be thoughtful about the data your business is collecting and storing. If you don’t need it, take steps to not collect it in the first place or to securely delete it after it is no longer needed.
The next step is to conduct a security audit and take stock of the data you have in your possession. This can be a real eye-opener for business owners. You’ll also want to examine how that data is being stored — is it encrypted or segregated behind the proper security firewalls, or is it vulnerable?
In an increasing number of cases, business owners simply decide they would be better off not storing customer data associated with credit card payments. Using a hosted pay page or hosted tokenization allows merchants to securely accept payment information from customers without ever collecting sensitive payment details. Because the customers’ credit card info is hosted on secure servers maintained by payment industry leaders, SMBs can reduce risk within their environment and focus on running their business.
Enlisting the help of outside professionals is an especially wise move when you consider that data breaches originating online — which are largely the result of companies accidentally exposing sensitive data to the Internet— were the No. 1 cause of data loss in 2017.
“My priority is customer experience”
Customer experience is everything in business, but I would argue that having your identity stolen is about the worst experience you can have as a customer.
Small business owners must realize that securing customer data is an essential component to delivering a great customer experience. As more and more companies go online, data security becomes a bigger issue, and you can’t afford to ignore it for fear of cost or time.
Luckily, securing data is not as daunting as you might think. Like most things in life, it doesn’t seem nearly as complicated or overwhelming once you begin the process, and there are a lot of specialists in the field that can help you get started.
For SMBs, this is about doing the right thing for customers. Canadians trust business owners to keep their information safe, so the time for excuses is over.
Brian Prentice is Chief Risk Officer at Moneris Solutions