Most businesses are primarily concerned about outsider infiltration of payment processing or networks. However, you should also consider threats that may occur within your business, which can be indistinguishable from outside threats. There are several major insider threats you need to consider to adequately protect your business and customers.
If your employees have access to different computer terminals throughout your business, this can make it easier for any single employee to install malicious software on one or more computers. A popular type of malicious software is one used to record keystrokes. This may be used to uncover log-in and password information for administrative accounts or to find out personal information about other employees. You should always encourage employees to eliminate personal use of work computers. If your computers are ever compromised, this could prevent additional problems for other users of the system, such as the compromise of personal accounts.
Malicious Data Access
You should also consider ways to prevent employees from wrongfully accessing data, even if they are authorized to view the information. For example, you may want to receive alerts if there is an unusual increase in the frequency of data access, secure databases are accessed outside of normal business hours, or information is accessed from an unrecognized device, even if this is done by an employee account.
Additionally, you should have safeguards in place to reduce printing or transferring data to another device. Although this will never eliminate the risk of information being shared, since photographs, video, or screen shots may be used, it may reduce bulk transmission of sensitive information. You should also monitor information on who accesses information on a network level, not just specific databases. Unauthorized access of the entire network could quickly mean malicious software has been installed system-wide or all of your data has been compromised.
Although most businesses have payment terminals, there still remains businesses, both large and small, that require credit/debit payments to be processed by employees. It is always ideal to have payment terminals that do not require credit or debit cards to leave the customer's hands. There still remains the risk that an employee can use a skimming device to take a customer's credit/debit information.
Restaurants are especially problematic, because the payment method is often taken out of the customer's sight for processing. More restaurants are creating payment terminals at individual tables to make processing more secure. If you choose to adopt a similar method, make sure to check each terminal periodically throughout the day to ensure no skimming devices have been installed.
As much as you want to prevent outsider threats to your business, you must acknowledge that threats can also come from the people who work in your business. Protecting yourself and your customers from both types of threats can prevent loss of money and customer trust. Contact a company like Stealthbits for more information.