Under the Frost: Security Tips, Hearings & Getting Ready for Spring
Embracing Winter Traditions
Traditionally, winter is a time to burrow inside and prepare for spring: stitching up, repairing, and mending items for the outdoor season ahead. Under the frost, plants are doing the same thing, getting ready to sprout and bloom in a few weeks’ time.
Preparing for the Thaw
Granted, “frost” is more metaphor than reality here in Southern California, but it’s always a good time to ensure your data and customer transactions are as secure as they can be, especially in an environment of such rapid technological change.
Congressional Hearings on Data Breaches
Happily, there are no new breaches to report this week. However, as reported by the D.C.-based publication The Hill, the new Congress is gearing up to hold its first-ever hearing on such breaches and what can be done about them.
Legislative Efforts
“The hearing,” they state, “comes on the heels of the White House last week dropping its own proposal on the issue. Within days, Democrats in both the House and Senate pledged to introduce a version of the administration’s offering.
“The main goal of the effort is to create a federal data breach notification law that eliminates the
The effects of the White House-generated bill “would require breached companies to notify affected customers within 30 days. It may also mandate these compromised companies report their breaches to the government. The Federal Trade Commission could additionally be directed to create nationwide data security standards.”
As for how likely any of this is to become law in D.C.’s currently divisive climate, The Hill also notes that “the second two points have proved contentious in the past. But the first point has bipartisan support.”
Data Breach Prevention
Hopefully, then, no breaches involving your company will be part of any future 30-day reporting requirement! To help prevent that, here is the second part of our “security basics” as generated by Visa, and sent to participating merchants.
Mitigating Remote Access Vulnerabilities
One of the key areas of vulnerability to most systems — and the culprit in many of the most infamous breaches — is the “remote access” aspect of merchant and retail systems. Among the key points emphasized by Visa to mitigate risk:
- Restrict Remote Access: Only allow remote access from known IP addresses.
- Enable Remote Connectivity Sparingly: If remote connectivity is required, enable it only when needed.
- Unique Credentials: Ensure a unique username and password exist for remote management applications. If necessary, contact your support provider or POS vendor to double-check or update as needed.
- Keep Software Updated: Use the latest versions of remote applications, security patches, and operating systems.
- Implement Two-Factor Authentication: Consider two-factor authentication for remote access, adding an extra layer of security.
- Password Security: Don’t use default or easily guessed passwords, and restrict remote access to service providers on an “as needed” basis, for specific time periods.
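To check whether these points are actually being followed, a merchant can review remote-access logs against them. The script below is an added example, not part of Visa's guidance or the original post; the log format, the allowed network, the account names and the maintenance window are all constructed assumptions to be replaced with your own.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Hypothetical policy values (assumptions, not from the original post).
ALLOWED_NETS = [ip_network("203.0.113.0/28")]   # known support-provider range
DEFAULT_USERS = {"admin", "administrator", "pos", "support"}
# Approved "as needed" windows per service-provider account: user -> (start, end)
WINDOWS = {"vendor-jane": (datetime(2015, 2, 3, 9), datetime(2015, 2, 3, 12))}

# Constructed sample log: timestamp, source IP, username, second factor used.
SAMPLE_LOG = """\
2015-02-03T09:14:00 203.0.113.5 vendor-jane mfa=yes
2015-02-03T23:41:00 198.51.100.77 admin mfa=no
2015-02-04T10:02:00 203.0.113.9 vendor-jane mfa=yes
2015-02-04T10:30:00 203.0.113.9 vendor-bob mfa=no
"""

def audit_line(line):
    """Return the list of policy findings for one remote-access log line."""
    ts, src, user, mfa = line.split()
    when = datetime.fromisoformat(ts)
    findings = []
    # Remote access only from known IP addresses.
    if not any(ip_address(src) in net for net in ALLOWED_NETS):
        findings.append("unknown-source-ip")
    # No default or shared account names for remote management.
    if user.lower() in DEFAULT_USERS:
        findings.append("default-account")
    # Two-factor authentication on remote sessions.
    if mfa != "mfa=yes":
        findings.append("no-second-factor")
    # Service-provider access only inside an approved time period.
    window = WINDOWS.get(user)
    if window is None or not (window[0] <= when <= window[1]):
        findings.append("outside-approved-window")
    return findings

def audit(log_text):
    """Map each log line that violates the policy to its findings."""
    report = {}
    for line in log_text.splitlines():
        if line.strip():
            found = audit_line(line)
            if found:
                report[line] = found
    return report

if __name__ == "__main__":
    for line, found in audit(SAMPLE_LOG).items():
        print(f"{line}\n    -> {', '.join(found)}")
```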
Stay Tuned for More
Coming up in next week’s blog, a continuation of these themes, and a look at what we’re offering on the AVPS side to make 2015 a more secure year than ever!