Small and medium businesses around the world are increasingly at risk for payment data theft. Nearly half of cyberattacks worldwide in 2015 were against businesses with less than 250 workers, according to cybersecurity firm Symantec. In order to help these companies protect themselves and their customers, the PCI Security Standards Council (PCI SSC) Small Merchant Taskforce has developed a set of payment protection resources for small businesses. In this series, we highlight security basics from the Guide to Safe Payments for protecting against payment data theft.
The majority of data breaches are caused by flaws in software that can be easily fixed but are left unaddressed. How can you protect your business?
Often, software has flaws or mistakes (made by programmers when they wrote the code), also known as bugs or vulnerabilities. Cybercriminals exploit these mistakes to break into your computers and steal payment data. Software vendors provide security updates called “patches” to fix these coding errors, but these patches are only effective if you use them!
The key to protecting your business against dangerous software bugs is to update your computers and payment terminals with the latest security patches as soon as possible. Here are a few tips to help you:
- Find out which vendors send you patches: Who provides and/or services your payment terminal, other payment systems, (tills, cash registers, PCs, etc.), operating systems (Android, Windows, iOS, etc.), web browsers and business software?
- Ask these vendors about receiving patches: Find out how they notify you of new security patches, and make sure you receive and read these notices.
- Patch quickly: Follow your vendor’s and/or service provider’s instructions and install the patches as soon as possible.