— November 21, 2017
Small Business Saturday 2017
Small businesses far and wide are preparing for Small Business Saturday, a retail holiday that focuses on promoting small businesses during the holiday season. Even though Small Business Saturday can help your business increase sales, customer base and brand awareness, it can also leave you vulnerable to numerous identity crimes if you haven’t prepared for the potential risks.
Since its inception in 2010, Small Business Saturday has gained attention from consumers across the U.S. Per the Better Business Bureau (BBB), an estimated 112 million customers shopped at small businesses during Small Business Saturday in 2016. Today, over 70 percent of U.S. consumers are aware of the retail holiday.
Where It Could Go Wrong
The good news is that consumers value Small Business Saturday and the small businesses within their communities. But the value that consumers place on your small business is also influenced by the level of trust they have in you to protect their sensitive information.
While you may enjoy the benefits of the increased traffic this season, be sure you’re also considering your business’ risk of data breaches and cyberattacks, as well as risks to your customers via card skimming and social engineering scams. It’s crucial that you’re aware of the increased consumer and employee traffic that Small Business Saturday and the overall holiday season may bring to your business.
Small Business Saturday and the holiday season often bring increased crowds of customers to your business. Whether it’s in the store or via online sales, it’s easy to simply think “increased traffic = increased sales.”
However, crowds can also make it more difficult for you and your employees to spot suspicious activity or individuals within your business. Fraudsters leverage their surrounding environments to carry out various social engineering scams targeted at your customers.
Depending on the type of business you run, you may need to review your point-of-sale (POS) security. POS systems have historically been prime targets for identity thieves wanting to capture credit and debit card data. Two common ways that criminals attempt to capture card data via POS systems are by placing card-skimming technology on the terminals themselves, and hacking into them to install harmful software.
Identity thieves may also be targeting your customers via phishing emails and spoofed webpages. These scams can use your legitimate company logos, signatures, addresses, etc., to trick your customers into giving up their personal information.
With the influx in traffic during the holiday season, you may also rely on seasonal hires to keep your business running smoothly. However, seasonal hires are temporary employees and often do not receive the same level of training that a full-time employee would. Even if employees are seasonal only, it’s still imperative that they are trained on proper use of business technology, personal devices, sensitive data and overall business security awareness.
From a physical perspective, seasonal hires are employees that come and go – often in large volumes over short periods of time. While background checking can be expensive, many employers choose to give minimum access permissions to their temporary employees. This helps safeguard your sensitive business information from fraudsters trying to capture it from the inside.
Small Business Saturday Prep Checklist
We understand the holiday season can be a hectic time of year. The checklist below can help properly prepare you, your employees and your small business for Small Business Saturday:
- Double check the safeguards placed on your business’ financial accounts and sensitive information.
- Update the passwords to your business accounts and devices. Use the Password Strength Test to see how well they’d stand up to hackers.
- Update anti-malware, anti-virus or anti-spyware software installed on any of your business computers, terminals or devices.
- Implement proper security training for your seasonal employees that focus on cybersecurity awareness, proper use of business devices and handling sensitive customer data.
- Be sure that your operating systems, devices, programs, etc., are up-to-date with the latest versions of software.
- Tell your customers what they can expect from your business so they can avoid falling for phishing emails and webpages using your business’ identity.
- Consider adding extra physical security for businesses with larger customer crowds.