Avoiding A Data Disaster. Data security breaches are frequent news. Risk Based Security’s recently released Q1 2018 Data Breach QuickView Report, indicates that there have been nearly 700 breaches already this year, from January 1 to March 1, 2018. It also states that this number is a decrease from the year before, when the number for the same timeframe was more than a thousand.
While breaches remain a very real issue for many retailers, it is not a topic often discussed among the small businesses that predominate vending, micro market and office coffee service. Operators don’t feel at risk, or believe it is the cashless service provider who would be liable should a breach happen. These could both be true, the latter depending on the contract; however, neither changes the reaction of the customer.
“It is usually the processing company that has the breach, but no one knows them,” said Michael Kasavana, MSU/NAMA Professor Emeritus, who has written a whitepaper on data security and presented educational seminars for NAMA on the subject. “Therefore, the blame gets put on the retailer. You’ll get the bad rap regardless of whether it’s something you may not have been responsible for doing.”
The threat for operators who aren’t concerned about data security is that it can still make customers lose faith and restrict business with that service provider. To mitigate the risk of attack as much as possible, it’s necessary to understand the basics and ensure payment providers are complying with current payment security standards.
In July of last year, micro market supplier Avanti Markets announced that it had been the victim of a malware attack on its credit card data. It shook the industry as this was the first vending, micro market or office coffee service company to acknowledge an attack as well as publicly discuss the issue. John Reilly, president of Avanti Markets, spoke at the 2017 NAMA CoffeeTea&Water Show about the experience saying, “Breaches can occur under the most mundane of circumstances…if it could happen to us, it could happen to any company in our industry.”
He reiterated the importance of having a plan to prevent, address and recover from a data breach, as well as continuously reviewing and updating the plan. Educating employees was another topic, Reilly mentioned, as unintentional opening of a malicious email can often allow entry into the company’s network.
“Educate staff how to deal with confidential information as they can be the conduit that can open access leading to a data breach,” he said.
Much of the best practices related to data breach prevention, detection and recovery are covered in a best practices guide found in the NAMA online store. It is a great resource written by Kasavana for operators looking to delve deeper into cyber security. For small and medium operations who contract out payment services, there are still things to know for proper risk management.