CHICAGO — As long as laundry businesses use computers in their day-to-day operations, or offer the use of Wi-Fi to customers laundering their clothes, they will be vulnerable to cyber threats.
The first step in improving your cybersecurity, according to the U.S. Small Business Administration (SBA), is understanding your risk of an attack, and where you can make the biggest improvements. The Federal Communications Commission and the Department of Homeland Security offer various tools and resources a laundry owner could use to assess the risk and help create a plan of action for their business.
Following are some more tips from the FCC:
Secure Your Wi-Fi Networks — If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.
It’s become fashionable (if not expected) to offer a wireless internet connection to laundry customers. Once you’ve determined how many customers may use it at any one time and what they’ll be using it for (checking emails or streaming video, for example), that’ll help you determine the bandwidth you’ll need.
Setting up a separate wireless access point dedicated to customer use is the most secure option and will keep your private business information safe from anyone going online in your store. Change the password regularly to help keep it secure.
Employ Best Practices on Payment Cards — Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs, and don't use the same computer to process payments and surf the internet.
Limit Employee Access, Authority to Install Software — No one employee should have access to all your systems. Employees should only be given access to the specific systems that they need for their jobs, and should not be able to install any software without permission.
Passwords and Authentication — Require employees to use unique passwords and to change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password (e.g., a security code sent to a phone) to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.
Miss Part 1? You can read it HERE.