Small and medium businesses around the world are increasingly at risk for payment data theft. Nearly half of cyberattacks worldwide in 2015 were against businesses with less than 250 workers, according to cybersecurity firm Symantec. In order to help these companies protect themselves and their customers, the PCI Security Standards Council (PCI SSC) Small Merchant Taskforce has developed a set of payment protection resources for small businesses. In this series, we highlight security basics from the Guide to Safe Payments for protecting against payment data theft.
Malware doesn’t just sound bad, it is bad. It’s a nasty infection that if your defenses are down, can take out your computers and systems like a bad virus. So how do you fight it off?
Hackers write malicious code called malware (also called viruses) to exploit the computers and software you use to run your business, so they can break into your systems and steal (credit and debit) payment card data.
The good news is, there are defenses you can put in place to fight off malware. Using up-to-date anti-virus or anti-malware software helps to protect your systems.
Here are a few tips to keep in mind:
Install anti-virus or anti-malware software: Make sure you have this running on any computer used to take payments or process them. Ask your IT retailer about products they recommend for the best protection and for tips on installation.
Automatically update: Select the “automatic update” setting on the software, so you always get the most recent protection available.
Password protect: Ask your IT retailer about how to configure your anti-virus or anti-malware software. Set the software’s configuration control to be password protected. It’s critical that this software is always running, and that you control who has access to it to avoid any disabling or altering of the software.
Run periodic scans: Regularly run full systems scans to make sure you catch any new infections. There are scanning tools that can do this for you automatically. Talk to your bank or service provider about choosing a PCI Approved Scanning Vendor who can help you with this.