When thinking about cybersecurity we do not always think about paper receipts and insider threats, but we should. It is important to remember cyber threats can come from every direction, even from your own employees or co-workers. Cyber threats is also a term used that can be interchangeable with terms like information security or data security. These terms are blanket terms for many types of threats that use the internet or a network or digital data. Lastly, insider cyber threats can impact any type of small business, even fast food restaurants.
No business too small
For many years there was this misguided belief small businesses weren’t targets for cyber crimes. We now know this is not true and never really was. All businesses are targets. Cyber threats are not always sophisticated technical attacks. Cyberattacks can be as simple as not ringing in the correct amount on a customer’s food order, like in the linked article by KrebsOnSecurity.
Low tech, no tech
Not all cyber crimes involve high tech. In this example in the KrebsOnSecurity article, the crime involved misuse of a point of sale system and the audio tech used to take customer orders. There was no virus installed on the network or devices and nothing was hacked. Instead, there was technology misuse on behalf of employees. Technology misuse is always a possibility and so it is important to put other safeguards in place to monitor for this.
What you can do
If you are a small business it is important to incentivize customers to want their paper receipts. It is also important to incentivize employees to always ask customers if they want their receipts and to hand them the receipts directly. Doing this can help minimize the risk of this happening to your small business. Beyond incentives, other safeguards like security cameras and audio recordings can help minimize this risk too.
Take it a step further and have this practice as a written business policy. This allows you to more easily train your employees on this and to hold the employee accountable if an employee continuously defies the policy. Business policies are the foundation of a cybersecurity program. These policies help guide a small business and help keep focus on its business goals.
Protecting your small business is never easy and we are here to help. Test your cyber knowledge and take our Learning Course. For more information on low tech, no tech cyberattacks and other small business cybersecurity resources, check out Small Business, Big Threat! For more on cyber policies, check out the Access Resources page.