If you’re a small business owner, you might think you’re safe from ransomware attacks and hackers. Unfortunately, many of these hackers specifically target smaller retailers, precisely because they assume these companies don’t have proper security in place. According to the Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses report, the percentage of small businesses that have experienced a cyber-attack in the past 12 months is up from 55% in 2016 to 61% in 2017. Another study saw a 20.5% increase in attempted cyber-attacks between November and December of 2016.

This information should make it clear that you need to be concerned with your online security. Especially as online shopping ramps up for the holiday season, you need to make changes to protect your businesses’ data, as well as your customers. Follow these tips to stay safe all year round.

  1. Only Collect Data You Need

The best way to keep data out of the hands of hackers is to not have any of that data in the first place. When it comes to collecting data from customers, only collect what you really need, then, only keep it for as long as you need it. Whatever data you do collect, make sure it is stored in a secure place and is frequently cleared out of unnecessary info.

  1. Use Outside Providers for Credit Card Information

You should avoid collecting and storing customer credit card info on your own servers. Instead, use a third-party system like Square or PayPal. These companies have the security in place to keep your customer data safe, plus, it might give your customers peace of mind to know that you are using a secure system.

  1. Use SSL on Pages that Collect Customer Information

Use SSL certificates on checkout pages, signup pages, and customer login pages, which prevent attackers from stealing passwords and credit card info. Customers can see you have these certificates because the URL starts with “https”. This shows the customer that you are prioritizing their security and will encourage them to shop on your site. If you don’t have these systems in place, customers might not trust your site enough to make a purchase.

  1. Encrypt Everything

Always encrypt your passwords and other sensitive information as a precaution, in case the data falls into the wrong hands. If you store customer data on your computer, consider encrypting your hard disk, this way, even if your laptop is stolen or misplaced, the customer data won’t be compromised.

  1. Always Update your Software

Delaying software updates could put your system at risk because these often include fixes that could leave you vulnerable. Be diligent with updating to the latest version of every software or program you use. This is especially important for your shopping cart or credit card purchasing applications. Keep updating your processes to the latest and greatest, so you can help ensure your customer data is protected.

  1. Review Your Internal Practices

Make sure everyone on your team only has access to the data they need. If employees keep data on their computers, consider restricting them from bringing the device home. Those employees that do work with data should also be educated on best practices for storing and disposing of data. Employees should also be required to use strong and secure passwords with any company accounts. If you aren’t sure where to start, working with a cybersecurity consultant can help set you up.

  1. Require Customers to Use Strong Passwords

When customers create accounts on your site, set up requirements that it contains certain characters or is a certain length. By making efforts to educate and remind your customers to prioritize their own online security, you can help protect your own site. You can also consider adding two-step verification for consumer accounts for extra protection.

  1. Be Diligent

Though it can be difficult to make the time to stay updated on your online security, it is paramount for the protection of you and your customers. Have regular checks in place to make sure no data has been compromised. If you don’t have enough bandwidth to employ a full-time security expert, consider outsourcing. The investment up front will be much lower than the cost of paying ransom to a cyber attacker, or the cost of lost customers who won’t return after their data is compromised.