“First there was Heartbleed, then Shellshock, and now Poodle, yet another serious security vulnerability in yet another widely used piece of software that went unnoticed for years.”
“Sears quietly announced via a filing with the Securities and Exchange Commission that one of their brands, Kmart, had suffered a data breach. It appears based on the information that they’ve shared that Kmart’s point of sale systems were compromised by malicious software. Kmart has discovered themselves in the unenviable position of being shoulder to shoulder with companies such as Home Depot, Target, Dairy Queen, Neiman Marcus and other firms who have also suffered this fate.”
Two different excerpts, from two different articles, on two more breaches — newly discovered since we posted here, a mere week ago.
What such a relentless stream of news does to the electronic payment environment remains to be seen, though on the plus side, newer safety measures are being fast-tracked, and according to a recent Wired article, the “Heyday of Credit Card Fraud is Almost Over.”
“The US,” they state, “is about to finally embrace the secure chip-based authentication system called EMV—the standard was pioneered by Europay, MasterCard, and Visa—that the rest of the world has already adopted. Pushed by mounting fraud costs, credit card companies have crafted incentives for merchants to switch to the sophisticated readers needed to accept the cards.”
Meanwhile, coming incentives and new technologies aside, we wrap up our mini-series on MasterCard’s Tips on what you can do to protect yourself, and your business, right now, to substantially decrease the risks of fraud, or “hackery.”
This week, we conclude with basic tips on one of the most basic aspects of all: Network security.
*Make Sure All Systems Are PCI DSS Compliant. A lack of “updating” is one of the simplest weaknesses hackers take advantage of. Make sure your business is compliant with the latest from the Payment Card Industry Data Security Standards.
*Update All Your Anti-Virus Software. You’d be surprised — or maybe, given the news, you wouldn’t — how often this simple step is overlooked.
*Perform a Password Review. Look over your systems to see if any passwords are too short, too weak, or still using the “defaults” from the manufacturer.
*Consider Two-Factor Authentication. Look at which sign-ins can be made more secure with two-step sign-in, especially those for remote applications.
*Review Web-Facing Applications for Vulnerabilities. That’s where we came in this week, with the news about the “Poodle” bug, now joining Shellshock and Heartbleed as examples of weaknesses in the network itself. Patches exist in the wake of these discoveries. Make sure your business is up on them.
*Implement an Intrusion Detection System. They exist. And they can help.
And we hope this series of “safety tips” has helped, as well. Print ‘em out and put ‘em on the lunch room fridge! Or better yet, pass them along to everyone else in the office, even your beleaguered IT folks!
Contact us. We’ll see you safely down the road, in a week.