Sometimes good security hygiene is not about shiny, new tools or big-budget initiatives. It’s about a few simple things done consistently and well. Here are five top tips for maintaining good security.
1. Patch regimes
Software can have flaws that are discovered after release. These mistakes by programmers can be exploited by hackers to break into computer systems and steal data. So, it’s important that all organisations commit to and follow a robust patching regime.
If you’re not sure how patches get applied or who is responsible for applying them (you or your suppliers), find out. End-of-life software is unsupported and cannot be patched, so be sure to keep your software current.
2. Automate updates where you can
New bugs and vulnerabilities are found daily so it may not be possible for staff to keep on top of this manually. Some updates may install automatically when they become available.
Anti-virus software can be set to automatically update so you always get the most recent protection available. The same applies to tools that automatically scan for vulnerabilities and misconfigurations in internet-facing payment systems, e-commerce sites or networks.
3. Protect access to your sensitive data
Twenty-seven percent of data breaches involve an internal actor, according to an IBM report.[1] Not everyone in the business needs access to everything. Set up your systems on a need-to-know basis, granting access only to the data, applications and functions relevant to each role.
For example, employees may be able to take payments but not process refunds. Or to take new bookings/orders but not to access data related to existing ones. Some employees may not need access to payment or booking details at all.
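As an added illustration of this need-to-know model (example code written for this article, not part of the original or of PXP Financial's systems): a deny-by-default role check in Python, using the cashier and booking roles from the paragraph above as constructed examples and logging every denied attempt so that unexpected access requests can be reviewed.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Set

# Constructed role definitions modelled on the article's scenarios:
# a cashier takes payments but cannot refund them, a booking agent creates
# bookings but cannot read existing ones, and the front desk touches neither.
# Any action not listed for a role is denied.
ROLE_PERMISSIONS = {
    "cashier": {"payment:create"},
    "refund_agent": {"payment:create", "payment:refund"},
    "booking_agent": {"booking:create"},
    "booking_manager": {"booking:create", "booking:read"},
    "front_desk": set(),
}

# Record of denied requests; in a real system this would go to the audit log.
DENIED_LOG: List[str] = []


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]


def permissions_for(user: User) -> Set[str]:
    """Union of the permissions granted by each of the user's roles.
    An unknown role grants nothing, so a typo in a role assignment
    fails closed instead of raising or granting access."""
    granted: Set[str] = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def is_allowed(user: User, action: str) -> bool:
    """Deny by default: allowed only if at least one role grants the action."""
    return action in permissions_for(user)


def authorize(user: User, action: str) -> None:
    """Enforce the check: raise on deny so callers cannot silently skip it."""
    if not is_allowed(user, action):
        DENIED_LOG.append(f"DENY user={user.name} action={action}")
        raise PermissionError(f"{user.name} may not perform {action}")


if __name__ == "__main__":
    alice = User("alice", frozenset({"cashier"}))
    authorize(alice, "payment:create")          # allowed
    try:
        authorize(alice, "payment:refund")      # denied and logged
    except PermissionError as err:
        print(err)
```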
4. Be password-savvy
There’s no point locking your front door but leaving the ground-floor windows open. Similarly, there’s no point requiring passwords but not changing them from the default factory settings.
‘123456’ is not an effective password. Nor is ‘password’, or ‘qwerty’ from the top row of letters on a standard keyboard. These are still among the top 10 most common passwords in the list that security firm SplashData compiled from more than five million leaked passwords.[2]
Longer passwords are becoming more prevalent, but if their patterns are easy to guess, their extra length has little value as a security measure. Make passwords difficult to guess. Change them regularly. Ensure that any vendors or suppliers with access to your systems do the same. And don’t share passwords with colleagues or across systems.
Wherever possible, implement multi-factor authentication, which requires a one-time code as well as a username and password.
5. Only store what you need
If you don’t need data, especially card data, don’t store it. Securely destroy or shred it. If data exists in physical paper form, keep it under lock and key to restrict access.
Make sure that any data you do store is useless to an attacker. Tokenisation replaces sensitive card data with a token, which can be used across various front- and back-end systems instead of the real card data. Encryption turns plain text into cipher text, which is difficult for hackers to decipher without the key.
How PXP Financial can help
PXP Financial’s secure payment services help all types of businesses reduce their risk exposure. Our tokenisation works across channels, countries, brands/franchises and retrospectively on stored card details. This simplifies compliance and delivers operational, cost and marketing efficiencies.
We also offer point-to-point encryption as an application or as a full solution. Both have been tested by trained P2PE assessors accredited by the Payment Card Industry Security Standards Council (PCI SSC) against the standard.
For more information or a consultation, e-mail sales@pxpfinancial.com or complete your details on the contact form below.
[1] 2018 Cost of a Data Breach Study, IBM Security / Ponemon Institute, July 2018, https://www.ibm.com/downloads/cas/861MNWN2
[2] SplashData’s Top 100 Worst Passwords of 2018, TeamsID, https://www.teamsid.com/splashdatas-top-100-worst-passwords-of-2018/