4 Most Common Security Mistakes Startup Businesses Make | Soar Payments LLC



Studies show that startup businesses are more likely to be targeted by hackers because new businesses typically employ lower levels of security than established ones. As a new business, it can be difficult to know what steps to take to ensure that customers' sensitive information is properly secured, and which mistakes could be costing your business customers and credibility. This article describes four of the most common security mistakes startup businesses make when processing payments, and what your business can do to avoid them.

1. Failure To Update Passwords

Passwords exist to make it difficult for other people to gain access to an account and the sensitive information behind it, which is why it is always suggested that a password be lengthy and related to something only the account holder would know. The longer a password stays in use, though, the greater the chance that a potential hacker could gain access to your customers' sensitive information. Because of this, it's important to change the passwords on every online account that contains sensitive information, such as payment transactions, every few weeks or couple of months. One easy way to ensure this actually happens is to create a to-do item on your calendar each month, with a list of the sites that need updated passwords.

2. Failure To Categorize Information by Risk Level Within The Company

We all implicitly understand the importance of keeping customers' personal and sensitive information secure. But does some information require more security than other information? Absolutely. Treating all information equally, and giving all employees equal access to it, is therefore a poor decision. Unfortunately, it is the de facto modus operandi for many new businesses.

By contrast, a proper access limit plan starts with knowing which data needs to be protected and which data can be viewed by any employee, and then organizing the information into categories accordingly. For example, data could be organized into three sections: restricted, confidential or private, and public.

Restricted information is the most sensitive and would only be seen on a need-to-know basis by the account holder and/or the owner of the business. This kind of information includes credit card numbers used in the process of payments, security codes, or even social security numbers.

Confidential or private information that is not of a financial nature could be treated as moderately sensitive and could be viewed internally by all managers of the company. This could include, for example, the addresses for credit cards and the names of the people on the accounts.

That leaves the last category, public information, which covers information that would cause no harm to the small business if revealed, such as how many accounts or how many customers the business has.

3. Allowing Too Many Employees Access

When sensitive information is stored in your business's database, there will be times when it needs to be accessed, and it is important to determine who will receive access to that particular information. A good idea is to designate a small number of employees who are allowed to view and use customers' sensitive information when processing a payment, in order to protect the network from plausible internal threats. In practice, this means the information should be seen only by the owner or manager and the assistant manager of the business. One high-profile example of this procedure not being followed was the Snowden leaks. In that situation, internal documents were exposed to the media by Edward Snowden, who had direct access to the files that were exposed. The files exposed in this case were accessible by more than 10 employees within the business. As you can see, the fewer employees who have access to sensitive information, the lower the risk from internal threats.
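The tiers from section 2 and the limited-access rule from section 3 can be enforced in software rather than left to habit. The sketch below is an added example, not code from the original article: the field names, role names and sample record are assumptions constructed for illustration. It redacts each field according to the viewer's role, treats any field nobody has classified as restricted, and records every read of restricted data.

```python
from enum import IntEnum

class Level(IntEnum):
    PUBLIC = 0
    CONFIDENTIAL = 1
    RESTRICTED = 2

# Hypothetical field names, sorted into the article's three tiers.
FIELD_LEVEL = {
    "card_number": Level.RESTRICTED,
    "security_code": Level.RESTRICTED,
    "ssn": Level.RESTRICTED,
    "cardholder_name": Level.CONFIDENTIAL,
    "billing_address": Level.CONFIDENTIAL,
    "customer_count": Level.PUBLIC,
}

# Hypothetical role names: the highest tier each role may read.
ROLE_CLEARANCE = {
    "owner": Level.RESTRICTED,
    "manager": Level.CONFIDENTIAL,
    "employee": Level.PUBLIC,
}

REDACTED = "[REDACTED]"

def view_record(record, role, audit_log):
    """Return a copy of record with fields above the role's tier redacted."""
    # An unknown role gets the lowest clearance (least privilege).
    clearance = ROLE_CLEARANCE.get(role, Level.PUBLIC)
    visible = {}
    for field, value in record.items():
        # A field nobody classified is treated as restricted (fail closed).
        level = FIELD_LEVEL.get(field, Level.RESTRICTED)
        if level <= clearance:
            visible[field] = value
            if level == Level.RESTRICTED:
                audit_log.append((role, field))  # who read restricted data
        else:
            visible[field] = REDACTED
    return visible

# Constructed sample record; the card number is a well-known test value.
SAMPLE = {
    "card_number": "4111111111111111",
    "cardholder_name": "A. Sample",
    "billing_address": "1 Example St",
    "loyalty_notes": "unclassified field",
    "customer_count": 42,
}
```

The fail-closed default matters most as the business grows: a new database column stays hidden from everyone but the owner until someone deliberately assigns it a tier.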

4. Accessing Information On Personal Laptops and Mobile Devices

Knowing where sensitive information is being accessed from is a crucial part of making sure that your business's payment process goes smoothly and is performed securely. This brings up the final common mistake businesses make when processing credit card payments: allowing sensitive information to be accessed from multiple devices, i.e. employees' personal laptops, cellphones, and iPads. Information stored on laptops and mobile devices is more susceptible to being lost or stolen, which increases the risk of sensitive information being accessed by hackers or identity thieves. For this reason, and for the security of your valued customers, it is best to access stored sensitive information from previous payment transactions only from a desktop computer within your business.


Although these are not the only security mistakes new businesses make when processing payments, these four common mistakes can easily be avoided by any business owner. Keeping your customers' sensitive information protected from potential threats by thinking ahead and setting rules and restrictions is the simplest way to maintain confident customers and trustworthy payment transactions.