By the time you start reading this, there’s a reasonable chance that the Equifax data breach has been pushed from the headlines by another high-profile cybercrime. What is far more likely – almost certain, in fact – is that by the time you finish reading this, someone else’s data will have been compromised in a much less publicized online theft.
The sad fact is that bad actors and data breaches are a significant part of the digital world in which we live. And that’s a particularly frightening fact for ecommerce merchants whose livelihoods are threatened not only by potential breaches of their own customers’ data, but also by the possibility of fraudulent activity resulting from any stolen data.
Rather than merely hoping the next newsworthy data breach doesn’t affect your business, as a merchant you should instead look for a silver lining hidden behind the headlines. Treat it as a learning opportunity, and below are just some of the valuable lessons waiting to be learned.
What should I know about encryption technology and security recommendations?
If you don’t believe that data-field encryption technology can protect your customers’ personal information from cybercriminals, please reconsider now before it’s too late to act. If you are not clear on which encryption standards are recommended by security experts in the payments industry, do the research now rather than later. If you are unclear on what exactly is data-field encryption technology, start your research here.
Are my employees trained in database management?
If you have employees, be sure that anyone with access to customer databases has the proper training to ensure against the possibility of inadvertent sharing of information. If you are the sole proprietor of your ecommerce enterprise, explore some training resources for yourself.
Who will lead my business’ incident-response team?
Many companies, small and large, make the mistake of assembling an incident response team after the incident has occurred. Use the Equifax data breach – not the next one – to spur you into action and appoint a team now. Then train the team on all manner of protocol in the unfortunate event that your customer data is breached or the business is exposed to fraudulent activity resulting from a breach.
How should my business react if customer data is breached?
Unfortunately, many of the big corporations victimized in high-profile breaches provide examples of how not to react in such a crisis. The correct response is to react swiftly, honestly and thoughtfully, but too often we see only partial disclosures, slow response times, even cover-ups and finger-pointing that does little if anything to protect the real victims – the customers whose data has been compromised.
What resources do I have to fight the bad guys?
There are many, and some simple research now will help you be prepared if and when they are needed in the future. One potential resource that is often overlooked is the other merchants in your field. Talk to them and invite a dialogue about what they are doing to protect their businesses and perhaps even explore as a community how merchants can fare better in the fight against cybercrime.
Data breaches are an unfortunate reality and an unpleasant topic to address, especially for merchants trying to keep up with an industry that changes by the minute. But pretending they don’t happen or simply hoping it won’t happen to you is doing a disservice to your customers and it opens the door for the worst consequences if, in fact, it does happen to you.
Jared Ronski is co-founder of MerchACT and works with merchants globally to ensure they are paired with the right merchant account for their specific business needs. He has worked closely with higher risk business models and has provided companies of all sizes with payment processing solutions.