Data Security 101: Why Small Businesses Should Worry About Data Breaches, Too

Cyber security has been a headline-making topic lately, as organizations ranging from major credit bureaus to mega-retailers to social media giants have reported data breaches. But it’s not just the big players that are being targeted by hackers: Studies show that between 43 and 60 percent of cyber attacks target small and midsize businesses.

And not only are these small and midsize businesses getting attacked more often, but they’re also less likely to recover than large corporations. The most common types of attack, according to small businesses whose cyber security has been compromised, are web attacks, phishing, and malware.

But there are data security measures you can implement to protect your business. Here’s what you should know:

What is data security?

The definition of data security is implied by the term itself: It refers to the measures that an organization takes to protect sensitive information, including the privacy of its customer data, as well as shielding data from corruption and malicious attacks.

Data security should be top of mind for all companies, but perhaps especially for small businesses. Because not only is there the significant financial cost of dealing with a data breach, but there is also collateral damage, like the loss of customer trust. As noted earlier, more than half of small businesses that experience a cyber attack never recover.

Large corporations also take a significant hit to their business and reputations when their data is compromised — and it seems like no one is safe. The Bank of Montreal and the Canadian Imperial Bank of Commerce both suffered data breaches last May. And Facebook in late September of 2018 announced the largest breach in the company’s history, with the personal information of nearly 50 million users compromised. These breaches in particular have sparked crises of credibility among consumers, and the companies are still working to figure out how to protect customer data and regain public trust.

Types of data security measures

Some of the best-known data security technologies are encryption, which renders information unreadable to those outside the organization (like hackers), and authentication, which requires users to enter a password or other information before logging in. More companies are transitioning to two-step authentication, which might require, for example, a user to enter a password and then a code that they receive via text.

What security standards should businesses adhere to?

The Payment Card Industry Data Security Standard (or PCI DSS, for short) is a standard that was set by the five largest credit card companies to help reduce costly consumer and bank data breaches. These standards ensure that merchants safely and securely accept, store, process, and transmit customers’ credit card information during a transaction, so complying with PCI DSS helps protect against data breaches.

How Square protects your transactions

As a seller, you’re required to comply with PCI DSS if you accept payments through Visa, American Express, Mastercard, and Discover credit cards. Compliance isn’t simple, though, and it can entail the installation of pricey software and hardware and signing an expensive contract that requires you to agree to a bank’s terms for annual PCI compliance.

But with Square, payments are PCI DSS compliant, so you don’t have to worry about audits, assessments, or noncompliance fees.

Square also protects you from chargebacks, which is when a cardholder disputes a transaction and asks their credit card company to reverse the payment. Even if the card-issuing bank rules in your favor, it can be a slow, complicated process, and on top of that, many payment processors assess a fee from you in a chargeback situation. Square doesn’t charge a fee in these situations, and we deal with the bank disputes for you.

In addition to PCI DSS compliance and chargebacks, Square also shields you from fraud by monitoring payments, keeping an eye out for suspicious activity, and adjusting our algorithms to check for new trends in fraud. If our team suspects that something is wrong, we’ll reach out to you to head off any potential problems before they affect your business.

Related Articles
PCI Compliance: What You Need to Know
What is Two Factor Authentication And How Does It Protect Your Business?
Chargeback 101: Credit Card Chargebacks Explained