6 cybersecurity tips for small retailers

Brought to you by Insureon Small Business Blog: Risk management insights and more for your business.
A data breach can cost a business tens of thousands of dollars, and break trust with customers. Prevent data breaches by taking steps to secure your retail business's point-of-sale system.
A cashier runs a credit card through a credit card machine.

Data breaches aren’t making the headlines as much as they did a few years ago, but don’t let that lull you into a false sense of security. Cyber criminals are constantly on the prowl for new victims, and your point-of-sales system may be the crack they creep through.

“Cybercrime is becoming a huge problem, and small businesses are vulnerable because they are small businesses,” says Pat Toth, a supervisory computer scientist in the computer security division at the National Institute of Standards and Technology. “If they have a security breach that shuts them down for a week or costs them $80,000 in fines or penalties, that could put their business at risk.”

Don’t have $80,000 to drop on data breach fines? That’s a good enough reason to buy cyber liability insurance. But you also want to do all you can to minimize the chance of a breach in the first place. Here are some ideas to help you get started.

1. Make a plan

According to Toth, data breaches are not a question of if but when, so she says the most important thing is to make a plan with preventative measures. She suggests you consider questions like:

  • What are your employees allowed to do while they’re on the work systems?
  • What are the consequences if they’re caught doing something they shouldn’t online?
  • How often do you do backups?
  • Where are your backups stored?
  • What are the best practices for strong passwords?

Pro tip: Toth says retailers can find even more ideas for their cyber security policies from the FCC, the FTC, and the SBA.

2. Train your employees

“For small businesses, the biggest problem area we’re seeing is malware," Toth says.

She notes that small businesses are more likely to have employees who aren't trained to recognize malware links. As a result, these employees might click on malware links or videos on a work device.

Criminals can even access your stored data through your point-of-sales system. Basically, they use automated Internet searches, locate a poorly protected POS, and download malware into your system. An employee who doesn’t know what to look for can accidentally open the file and give hackers access to your customers’ credit card information.

Pro tip: Make sure your employees learn to look at all emails, files, and clickable content with a healthy dose of skepticism. But even then, consider limiting access to your POS so only properly trained employees can use it.

3. Update everything

Malware is such a problem for small-business owners that Toth encourages retailers to do everything they can to protect their business from it. That includes having good antivirus software that you update regularly. She also points out that you want to don’t want to use an operating system that is five years old just because it’s convenient and you know how to use it.

Pro tip: It’s not just your software you need to update. As a retailer, Toth says you had an October 1, 2015 deadline to switch to EMV chip card technology for your card readers. If you haven’t, you may be responsible for fraudulent transactions. Read this Small Business Administration article to learn what you need to do to protect your store.

4. Set up individual accounts

Toth tells the story of an accounting department that had five people on staff, each of whom used the same user ID and password. Their justification? They needed everyone to have access in case someone was out on payday.

That might not seem like a big deal, but insider threats are a major risk for your business. Imagine what could happen if someone leaves and passwords aren’t changed. Moreover, shared passwords may make it difficult to tell who logged into what and when they did it.

Pro tip: Setting up individual accounts is usually not the problem. Policing the users is. Check out this blog post from TechRadar for pointers.

5. Think about your customers

Toth says retailers need to think about the customers coming into their shops, too.

“If somebody comes in and there is no one sitting at the desk, what information can they see? Can they get on your computer and nobody would even notice? Can they walk away with someone’s laptop without someone noticing?” she asks.

Physical access isn’t the only way a customer might cause a data breach. Retailers who offer free Wi-Fi need to be careful, too. Toth says if you just set up a guest account and never change the password, you may be opening your business up to an attack.

Pro tip: Retailers who sell their wares online should also take a look at their website.

Toth says, “Each page within the website itself has code to it that a malicious person could get to and either change the code or mask the website.”

She recommends protecting every page on the site, not just the public facing ones like the checkout or signup pages.

6. Get cyber liability insurance

As we mentioned earlier, cyber liability insurance is an important coverage for retail businesses. After a breach, a cyber liability policy may help pay for:

  • Credit monitoring services
  • Legal fees
  • Judgement and settlements
  • Cyber extortion expenses
  • PR management fees

Pro tip: You can usually buy cyber liability insurance as a standalone policy or add it as an endorsement to another policy. Talk to an agent to figure out which one makes sense for your shop.

Compare quotes from trusted carriers with Insureon

Complete Insureon’s easy online application today to compare quotes for cyber liability and other kinds of business insurance from top-rated U.S. carriers. Once you find the right policy, you can get coverage in less than 24 hours.

Save money by comparing insurance quotes from multiple carriers
What kind of work do you do?