If you thought it was hard work protecting your own details from scammers, you’ve seen nothing yet. The new EMV regulation this year makes you responsible for protecting your customers’ data too!
Nerve-racking, right? If your palms are sweating at the thought of all the extra responsibility, take solace in knowing that you aren’t alone. Experts have estimated that fewer than 1/3 of businesses will be compliant when these regulations take effect on October 1st.
You can’t afford not to be ready, so why wait? Start preparing your business today with these 3 key steps:
Avoid a Breach
Managing your customers’ data starts at the POS and ends with your data storage. Any leak in that data chain makes it easy for scammers to compromise your security. Every salon and spa business should ensure that its front desk computers aren’t used for activities that could expose its payment processing to outside risk. For example, employees should not use the POS system to browse the internet, as this is the first point of attack for most hackers.
Get Your Incident Response Team in Place
The Department of Justice recently reported that 42% of businesses have had a data breach this year, so it’s important that you have an Incident Response Team in place so you aren’t left scrambling if that day comes for you. Think of them like the Ghostbusters – “who you gonna call” if and when your data gets breached? Well, ideally you’ll have an IT team, a legal firm to manage the paperwork, and a good PR firm to manage the public disclosure. It’s better to have these relationships in place before any breach happens.
Managing your own in-house team’s response is important and, according to Sandra Anderson – Chief Legal Officer at Great Clips, an all-encompassing response to a breach is key.
“Don’t just look at it as an IT issue. You need to involve legal, management and the CEO to ensure the correct response.”
So the worst has happened – there’s been a breach, the Secret Service is investigating and it’s time to go public (as directed by state law). What next? Your PR firm will advise you on what you should and shouldn’t say to the media/public – so listen to them. As a general rule, try not to use the words “breach” or “hack”, as these can create panic that can irreparably damage your brand.
The Secret Service will advise you too. Mari Fellrath, the VP of Great Clips, commented on this when recalling her own experience with credit card incidents – “The Secret Service were very clear. Don’t talk about the details of the investigation until it’s complete. Any leaks of information at this sensitive stage can help the bad guys get away.”
Credit card fraud is a nightmare situation to deal with, but by putting proper measures in place it can be dealt with. And that’s what we want you to take away from this. Protect yourself by preparing yourself and you’ll be ready for any breach that comes your way!