August 24, 2016
CNP Expo: Big Cybersecurity Fixes for Small Cybersecurity Budgets
May 20, 2015
Staying secure with a small budget can be a major challenge. Joe Wysocki, executive director of e-commerce for Heartland Payment Systems, summed up the attitude of many small businesses toward security: “[Small companies] get the risk, they understand, but they’re looking for the Ronco solution: ‘Set it and forget it.’ And I think it’s a challenge for our industry to find a cost-effective solution for these small businesses.”
Moderator Scott Zoldi, vice president of analytic science at FICO, agreed, noting, “Sometimes in small companies, security is seen as a nice-to-have instead of a must-have because of the cost.” Charles Hoff, CEO and co-founder of PCI University, reminded merchants of the financial impact of non-compliance: “There are fines from the card company if they find you weren’t compliant after the breach, then the chargebacks and remediation, and that’s to say nothing of the damage to your reputation. You read about Target and the other major breaches, but most of these breaches happen to small merchants. [Small merchants] are low-hanging fruit, because you are the most vulnerable and the least aware.”
Ruston Miles, chief innovation officer and founder of Bluefin, pointed out that “we’re seeing a move to technologies that devalue the data, rather than defending the data. Even a low-tech company can implement [those technologies], and once they do that, 90 percent of those PCI security questions no longer apply.” He recommended small merchants look into P2PE and tokenization, which can be available for as little as $30-$50 per month.
Tom McDonald, vice president of U.S. enterprise security for Paladion, highlighted the importance of educating your staff in data security basics and making sure they consider data security in every decision.
“It’s important to build security into products, loyalty programs, etc.,” he said. “Make sure you have written policies and procedures around security issues and what your response would be if there were a breach.”