“Security breach” is the last phrase any hospitality business owner wants to hear, yet breaches continue to make headlines. Even where owners are taking steps to keep their customers’ data secure, chances are they are not fully covering themselves and, if they are not working with a security professional, are unknowingly exposing themselves to risks and cyber criminals. Staying secure requires a broad and constant review of your business, along with the dedication and expertise to address what that review turns up. Consider these five things as you review your operation and answer the question: “Are you doing everything you should to reduce your risk and protect your customers?”
- Separate guest Wi-Fi from any network that stores your critical, sensitive data. If you are offering guest Wi-Fi, make sure it’s on a different network than your POS and other business systems where customers’ credit card data and your business data live. Guest Wi-Fi is a great perk for patrons, but it should be on a separate network and secured.
- Double-check your remote access. Who doesn’t want to log into the POS and access sales and report data while away from the business? Remote access is a great tool, but double-check that yours is secured and uses two-factor authentication. Many services offer remote access, but not all provide the security your business requires. If it is not secure, it could be the entry point into your network for a cyber criminal.
- Actively manage your firewall. It’s great to have a firewall, and it’s critical to your business, but it isn’t enough. A firewall acts as the first line of defense between the internet and sensitive data, including cardholder information. It serves as the steel door to your business. Although many business owners purchase a firewall, few realize they require updates and continual management. Someone has to provide oversight. If you are not, then your firewall isn’t offering you the protection that you think it is.
- Make sure your staff understands the security rules. It isn’t just about your software or your networks. If your staff does not follow recommended security practices, like not sharing passwords, not locking up the back office at the end of the night, etc., then you are not PCI compliant. When new staff joins, make sure they know and follow your documented security procedures.
- Make sure your equipment is up to date. On April 8, 2014, Microsoft discontinued support for the Windows XP operating system, so file servers still running it need to be replaced. If you continue using it, or other outdated equipment, you are exposing yourself to the possibility of a security breach. If you have not already, upgrade your equipment and software to supported versions to protect yourself.
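A concrete way to check the segmentation the first item asks for, and to see why the firewall in the third item needs ongoing oversight rather than a one-time purchase, is to audit the rule set for any path from the guest Wi-Fi into the segments that hold card and business data. The script below is an added example, not code from the article or from any vendor; the segment addresses, the three sample policies, and the simplified rule format (first matching rule wins, `any` is a wildcard, unmatched traffic falls to a default deny) are all constructed for illustration.

```python
"""Audit a simplified firewall policy for guest-Wi-Fi-to-business-network paths.

Everything here is constructed for illustration: the addresses, the rule
format and the policies do not correspond to any real site or product.
"""
from dataclasses import dataclass
from functools import lru_cache
from ipaddress import ip_address, ip_network
from typing import Dict, List, Sequence, Tuple

# Constructed network segments for a hospitality site.
SEGMENTS: Dict[str, str] = {
    "guest_wifi": "192.168.50.0/24",   # patron Wi-Fi
    "pos": "10.10.1.0/24",             # point-of-sale terminals and server
    "back_office": "10.10.2.0/24",     # bookkeeping and reporting workstations
}
SENSITIVE = ("pos", "back_office")     # segments guest devices must never reach


@dataclass(frozen=True)
class Rule:
    """One rule in an assumed, vendor-neutral syntax: CIDR or 'any' for src/dst."""
    src: str
    dst: str
    action: str  # "allow" or "deny"


@lru_cache(maxsize=None)
def _net(cidr: str):
    """Parse a rule CIDR once; None stands for the 'any' wildcard."""
    return None if cidr == "any" else ip_network(cidr)


def _covers(cidr: str, addr) -> bool:
    net = _net(cidr)
    return net is None or addr in net


def decide(rules: Sequence[Rule], src_ip, dst_ip, default: str = "deny") -> str:
    """First-match evaluation: the first rule covering both endpoints decides."""
    s = ip_address(src_ip) if isinstance(src_ip, str) else src_ip
    d = ip_address(dst_ip) if isinstance(dst_ip, str) else dst_ip
    for rule in rules:
        if _covers(rule.src, s) and _covers(rule.dst, d):
            return rule.action
    return default


def segment_reachable(rules: Sequence[Rule], src_cidr: str, dst_cidr: str,
                      default: str = "deny") -> bool:
    """True if any host in src_cidr may reach any host in dst_cidr.

    Exhaustive over host pairs, which is fine for the /24 segments used here
    but would need a smarter CIDR-interval approach for large segments.
    """
    dst_hosts = list(ip_network(dst_cidr).hosts())
    for s in ip_network(src_cidr).hosts():
        for d in dst_hosts:
            if decide(rules, s, d, default) == "allow":
                return True
    return False


def audit(rules: Sequence[Rule], segments: Dict[str, str] = SEGMENTS,
          guest: str = "guest_wifi", sensitive: Sequence[str] = SENSITIVE,
          default: str = "deny") -> List[Tuple[str, str]]:
    """Return (source, destination) segment pairs where guest Wi-Fi reaches sensitive data."""
    return [(guest, name) for name in sensitive
            if segment_reachable(rules, segments[guest], segments[name], default)]


# Weak: a flat network where a single rule lets everything talk to everything.
FLAT_POLICY = [Rule("any", "any", "allow")]

# Looks right at a glance, but the broad allow sits above the deny, so the
# deny never fires. This is the kind of drift ongoing review is meant to catch.
MISORDERED_POLICY = [
    Rule("192.168.50.0/24", "any", "allow"),
    Rule("192.168.50.0/24", "10.10.0.0/16", "deny"),
]

# Corrected: guest devices get the internet and nothing else; only the back
# office may manage the POS segment. Anything unmatched is denied by default.
SEGMENTED_POLICY = [
    Rule("192.168.50.0/24", "10.10.0.0/16", "deny"),
    Rule("192.168.50.0/24", "any", "allow"),
    Rule("10.10.2.0/24", "10.10.1.0/24", "allow"),
]

if __name__ == "__main__":
    for label, policy in (("flat", FLAT_POLICY),
                          ("misordered", MISORDERED_POLICY),
                          ("segmented", SEGMENTED_POLICY)):
        print(f"{label:>10}: {audit(policy) or 'no guest-to-sensitive paths'}")
```

The misordered policy is the instructive case: both rules an owner would expect are present, yet the guest network still reaches the POS because rule order decides. Re-running an audit like this after every firewall change is the "continual management" the article is asking for.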