Your convenience store has likely become increasingly connected over the past five years as more on-site devices require or make use of internet connectivity. Did you know that 71% of cyber-attacks happen to small businesses with under 100 employees? Or that 50% of small and mid-sized businesses are reported to have had a security breach in the last 12 months? For these reasons, it's important to ensure your site information and data connections are secure, and that you partner with companies that are committed to keeping your data secure.
Here are some recommended best practices to help protect your information from malicious attacks.
- Install a firewall to protect the network.
  - This best practice is recommended by most security consultants as the first and most effective step. There are many secure routers that create a firewall for your site and that are straightforward to install. By putting all of your devices 'behind the firewall', you significantly increase your security.
  - Ensure you have a documented process for changes to a firewall that includes an approval process to avoid individual points of failure.
- Utilize vendors that have strong expertise in and commitment to data security.
  - Staying current in all areas of security, including software design, user access protocol, system design and security process, requires vendors that have the scale and resources to build and test robust products.
- Ensure that you consider mobile devices in your security plan.
  - With many employees using their own devices (phones, tablets, watches) to work remotely and access site information, it's important to have a clear and consistent security policy related to these devices. Require passwords on all devices.
- As new equipment is added to your site, ensure you discuss with your installer or service contractor how devices will connect, and ensure they connect through your firewall.
- Change passwords frequently.
  - With over 60% of data breaches being attributed to password issues, including weak, lost or stolen passwords,[iii] it is important to have and maintain a consistent password policy. The policy should include the need for upper- and lowercase letters, numbers and symbols in passwords and the need to change passwords every 60 to 90 days.
- Crime as a service / Malware as a Service – Capra Consulting group
- Information security – Facts vs. Feelings – Capra Consulting group
- Solving the IT Security Riddle - W.Capra Consulting group
- [i] Congressional Small Business Committee
- [ii] 2016 State of SMB CyberSecurity Report by Ponemon and @Keeper
- [iii] Verizon 2016 Data Breach Investigations Report