A look at recent breaches reveals the continued need for securing information. The Identity Theft Resource Center continues to collect an increasing amount of breach data (https://idtheftcenter.org/2018-data-breaches/), proving that criminals are still working hard at committing cybercrimes. Business data breaches no longer dominate news headlines, perhaps indicating a sense of complacency or a business-as-usual view regarding data security. But businesses must remain vigilant in protecting the data that has been entrusted to them.
The PCI Council acknowledged that three data security essentials continue to be at the root of most data breaches. By focusing on remote access, passwords, and patching, businesses have a better chance of securing their data from cyberthieves.
Remote Access
One of the significant causes of data breaches, insecure remote access should be a focus for each business. A business should actively manage how and when its Point-of-Sale (POS) vendor accesses its systems. Prudent management includes limiting the POS vendor’s remote access to when it is absolutely necessary, requiring multi-factor authentication for remote access, and requiring remote access credentials that are unique and not the same as those used for the POS vendor’s other customers.
Passwords
The tenets of password security have been repeated time and time again, yet neglecting these simple practices has continued to cause data breaches for many businesses. Changing passwords regularly, and especially changing them from the vendor default, is the fundamental best practice for passwords. Ensuring each employee has an individual password and requiring employees to use strong passwords should further minimize the risk of a password-related data breach.
Patching
Software vendors routinely issue updates or patches to address weaknesses in their software. Neglecting to install updates leaves businesses vulnerable to criminals who take advantage of flaws in a system caused by unpatched software. Best practices include tracking which vendors send updates, confirming how these software updates are regularly installed, and identifying who is responsible for installing them.