Cybersecurity protection can fall down the list of priorities for small to medium-sized (SME) businesses and retailers. Facing a range of concerns including customer acquisitions, business expansion and growth and rising costs, owners often cite a lack of time and resources as a barrier to addressing cybersecurity vulnerabilities. There’s also the belief that size can provide a level of protection, with SMEs not seeing themselves as a relevant target for hackers. However, Mastercar
Mastercard research demonstrates that this is not necessarily the case. Over 300,000 businesses have reported being the target of a cybersecurity hack, with 33 per cent claiming financial loss as a result.
Meanwhile, about 70 per cent of SMEs expressed a desire for “simple cybersecurity resources” to kickstart their journey towards securing their internal systems. In response, Mastercard has teamed up with ethical hacker Jackson Henry, as part of its ‘Cybersecurity in 60 seconds’ campaign.
Henry – who became recognised for his work highlighting vulnerabilities within the United Nations internal systems – is working with Mastercard on a 10-part series to educate these business owners, and help them defend against data breaches and cyber-crime.
The series will launch across Mastercard’s YouTube, and other social media channels.
“Finding vulnerabilities before they do”
In discussing how he became interested in ethical hacking, Henry – who has worked for organisations including Harvard University, the US State Department, Ford Motor Company, and the European Union – told Inside Retail that there wasn’t a particular moment that sparked his interest.
Rather, he had always been interested in technology and its inner workings and, as he developed a deeper understanding of this field, he became better at identifying shortcomings and vulnerabilities.
“While in high school, I couldn’t work full time in cybersecurity. There weren’t professional employment opportunities that were easy for me to pursue. So, I decided to practice and refine my skills for companies that would openly invite the hacking community to help them, [most] notably the United Nations,” Henry said.
“The concept of ethical hacking is to emulate the techniques, mindsets and overall behaviours of a malicious hacker, to help find vulnerabilities before they do.”
Henry opted to work on this Mastercard series after identifying that larger businesses – with big teams and significant resources – face significant challenges in safeguarding their systems. This is demonstrated by the number of data breaches that have occurred in retail in recent times.
So, he decided to work with Mastercard in the SME space, as these businesses don’t have the same resources, and are thus vulnerable to attacks.
He added that human error is often a primary factor that can create vulnerabilities – and this can be minimised through education.
A few simple steps
Within the 10-part series, Henry highlighted a few practical tips that SMEs can implement to enhance and protect their cyber-security.
This includes the use of more complex and unique passcodes involving special characters, and avoiding using the same passwords across different sites and services. Despite growing awareness around the risk of using just one, simple password, he stressed that this practice remained all-too-common among SMEs.
He also suggested the adoption of multi-factor authentication, which provides another layer of protection.
These two methods are easy, cost-effective and quick for businesses to implement.
Another step that SMEs can take is to sign up to, and follow, the advice and alerts published by the Australian Cyber Security Centre. This, he explained, can help businesses remain up to date with relevant changes and developments.
Henry added that the belief that SMEs won’t be subject to cybersecurity attacks – due to the fact that they have “nothing to give” – is misguided.
“[Hackers] will attempt to target anyone and everyone, regardless of their size,” he said.
But unique passwords, multifactor authentication and not using the same WiFi network for both public and business matters can protect against harm.
Keep your data set slim
According to Henry, businesses and retailers should also be cautious about how they collect customer information – and the type of information they are collecting – in order to minimise the risk of a significant data breach.
“As a rule of thumb, businesses should only be collecting [information] that is necessary, and retain only what they need to,” he said.
“It’s better to keep your dataset slim because, the more customer data you have, the bigger [the] target.”