Traditionally, winter is a time to burrow inside, and to get ready for spring: stitching up, repairing and mending items for the outdoor season ahead. And under the frost, plants are doing the same thing, getting ready to sprout and bloom in a few weeks time.
Granted, “frost” is more metaphor here in Southern California than reality, but it’s always a good time to make sure your data and customer transactions are as secure as they can be, especially in an environment of such rapid technological change.
Happily, there are no new breaches to report this week. But as the D.C.-based publication The Hill has reported, the new Congress is getting ready to hold its first-ever hearing on such breaches, and what can be done about them.
“The hearing,” they state, “comes on the heels of the White House last week dropping its own proposal on the issue. Within days, Democrats in both the House and Senate pledged to introduce a version of the administration’s offering.
“The main goal of the effort is to create a federal data breach notification law that eliminates the
According to The Hill, the White House-generated bill “would require breached companies to notify affected customers within 30 days. It may also mandate these compromised companies report their breaches to the government. The Federal Trade Commission could additionally be directed to create nationwide data security standards.”
As for how likely any of this is to become law in D.C.’s currently divisive climate, The Hill also notes that “the second two points have proved contentious in the past. But the first point has bipartisan support.”
Hopefully, then, no breaches involving your company will be part of any future 30-day reporting requirement! And to help prevent that, here is the second part of our “security basics” series, drawn from guidance Visa generated and sent to participating merchants.
One of the key areas of vulnerability in most systems — and the culprit in many of the most infamous breaches — is the “remote access” aspect of merchant and retail systems. Among the key points Visa emphasizes to mitigate that risk:
* Only allow remote access from known IP addresses.
* If remote connectivity is required, enable it only when needed.
* Ensure a unique username and password exists for each remote management application. If necessary, contact your support provider or POS vendor to double-check, or update as needed.
* Use the latest versions of remote applications and operating systems, and keep security patches up to date.
* Consider two-factor authentication for remote access. If you’re not using it yet, two-factor authentication works by using something you have (a device) in addition to something you know, like a password.
And as ever, don’t use default or easily guessed passwords, and restrict remote access by service providers to an “as needed” basis, for specific time periods.
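As an added example (not part of the original post or of Visa's guidance), the Python below turns the first three points above, plus the "specific time periods" rule, into a policy check a merchant's IT staff could run against an inbound remote-management request; the vendor address range, the maintenance window and the account names are constructed samples.

```python
"""Added example: check a remote-management request against the rules listed above."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Account names vendors commonly ship as defaults; the "unique username" rule targets these.
DEFAULT_ACCOUNT_NAMES = frozenset({"admin", "administrator", "root", "support"})

@dataclass
class RemoteAccessPolicy:
    allowed_networks: list                                # known IPs or CIDR ranges
    enabled_windows: list = field(default_factory=list)   # (start, end) UTC datetimes
    accounts: dict = field(default_factory=dict)          # remote app -> username

def source_is_known(policy, src_ip):
    """Rule 1: only accept connections from the listed addresses."""
    addr = ip_address(src_ip)
    return any(addr in ip_network(net, strict=False) for net in policy.allowed_networks)

def access_enabled(policy, now):
    """Rule 2: remote access is on only inside an approved time window."""
    return any(start <= now < end for start, end in policy.enabled_windows)

def decide(policy, src_ip, now):
    """Return 'allow' or a 'deny: ...' reason for an inbound remote session."""
    if not source_is_known(policy, src_ip):
        return "deny: source address is not on the known-IP list"
    if not access_enabled(policy, now):
        return "deny: remote access is not enabled for this period"
    return "allow"

def weak_accounts(policy):
    """Rule 3: flag remote logins that reuse a username or use a default one."""
    seen = {}
    for app, user in policy.accounts.items():
        seen.setdefault(user.lower(), []).append(app)
    return sorted(app for user, apps in seen.items()
                  if len(apps) > 1 or user in DEFAULT_ACCOUNT_NAMES for app in apps)

# Constructed sample: one vendor's range, a two-hour overnight window, a shared default login.
SAMPLE_POLICY = RemoteAccessPolicy(
    allowed_networks=["203.0.113.0/24"],
    enabled_windows=[(datetime(2015, 1, 20, 2, tzinfo=timezone.utc),
                      datetime(2015, 1, 20, 4, tzinfo=timezone.utc))],
    accounts={"pos_remote": "admin", "backoffice": "admin", "dvr": "j.smith-vendor"})

def check_sample(src_ip, hour_utc):
    """Evaluate a request against SAMPLE_POLICY at the given UTC hour on 2015-01-20."""
    return decide(SAMPLE_POLICY, src_ip, datetime(2015, 1, 20, hour_utc, tzinfo=timezone.utc))
```

Calling `check_sample("203.0.113.7", 3)` allows the session, while an unknown address or a request outside the window is denied with the reason; `weak_accounts(SAMPLE_POLICY)` reports both tools sharing the "admin" login.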
Coming up in next week’s blog, a continuation of these themes, and a look at what we’re offering on the AVPS side, to make 2015 a more secure year than ever!