Fuel Oil News

Fuel Oil News November 2015

The home heating oil industry has a long and proud history, and Fuel Oil News has been there supporting it since 1935. It is an industry that has faced many challenges during that time. In its 77th year, Fuel Oil News is doing more than just holding

Issue link: https://read.dmtmag.com/i/591447


www.fueloilnews.com | FUEL OIL NEWS | NOVEMBER 2015 33

BUSINESS OPERATIONS

Lock It Up
An alternative framework for business security

BY COLLIN SULLIVAN, AVATAS NATIONAL ACCOUNTS MANAGER

Security is one of the topics that most often comes up when onboarding new customers and checking in with existing ones, particularly PCI compliance and what it means for their business. First, as a merchant who accepts credit cards, you are responsible for securing your customers' data and complying with PCI standards, but don't panic. Complying with PCI is really just common sense.

Here are a few interesting statistics that will get you to start thinking about data security for your business.

81% of credit card fraud happens in businesses with fewer than 50 people. (Hiscox)
20% of small businesses are victims of cybercrime each year. (National Cyber Crime Alliance)
60% of small businesses that have experienced a data breach are out of business within six months. (National Cyber Security Alliance)
The average loss for a small business from cyber-crime and fraud, including credit card fraud, is $155,000. (Association of Certified Fraud Examiners)

So, if you are serious about wanting to protect your customers and company data, and you should be, what is the best way to tackle PCI and implement it for your business? Think about it this way: What do you do to get your house ready before you and your family go to bed? If you are like most people, you lock your front door, back door, side door, and windows. Now apply this same framework to your business.

WEBSITE: THE FRONT DOOR TO YOUR BUSINESS

Your website is like the front door to your house. It is the most visible entry and accessible by practically everyone. With websites there are a couple of vulnerabilities to be aware of. The first deals with how information is exchanged over the internet. In most cases, data travels across the internet in text form. That means that if your customers transmit information to you via your website, it could be intercepted and read by hackers. The second is that if your web software isn't up to date, there might be holes that can be exploited. To help mitigate these risks, deploy a Secure Sockets Layer (SSL) protocol (at AVATAS we require all customers to do this) to safeguard information flowing between your customers and your website, and make sure that you are updating your web software.

OFFICE SOFTWARE: THE BACK DOOR

The next area to think about is the back door to your business. For most of our customers, this would be the back-office software used to run your business and process payments. The danger is that if someone can get in here, they may be able to access customer data. Since most companies purchase this type of software, your goal is to ask potential partners the right questions. The first question: Is your software and its payment modules PCI Level 1 certified? If not, tread carefully. You should also find out more about the company. Do they have a history in the industry and can they provide references? Next, learn a little more about how the software actually secures data. Key words that you should look for that suggest your vendor is serious about security: encryption, tokenization, firewall, SSL and hosted payment page. You should also ask them where your data will be stored, including the physical location and whether it will be on a server or in the cloud.

LOCKING THE SIDE DOOR: SAFELY HANDLING CUSTOMER INFORMATION

Look at your side door. For businesses, this means making sure that your company safely handles sensitive customer information and keeps it from prying eyes. The best way to do this is to let customers enter their own information using online or other IVR tools that bypass the human element both in and out of your organization. If you aren't ready for that, make sure you have detailed policies in place that govern the storage and destruction of this information. Think about restricting access to areas where sensitive information is stored, and about background checks for employees who handle it.

LOCK THOSE WINDOWS AND GO TO BED: INTERNAL IT POLICIES

Think about your internal IT tools and policies. For your business, these are the windows you need to lock. Fortunately, it doesn't take too much to secure these avenues. By using antivirus software and keeping it updated, you can significantly mitigate the risk posed by viruses, phishing scams, spyware and other malware. On the internal policy side, make sure every user has their own login information. This not only allows you to segment access to sensitive data, but it can also allow you to track what users are doing and cut off access once someone has left your organization. Along these same lines, put in requirements for password complexity (and require that passwords be changed periodically). Finally, make sure that employees do not keep card data on file (i.e., on their desks or computers).

AVATAS Payment Solutions is a payment processing company for the energy and service industry. Collin Sullivan can be reached at 866.298.7836 or by email at info@avataspayments.com.
