October was cybersecurity month, and we are wrapping up by giving you our top tips and tricks to keep your site(s) safe all year long! Check out this full recap of the most effective best practices from PCI Security Standards Council, NordPass and Security Intelligence for keeping the network at your site(s) secure.
- Use strong passwords. The password 123456 was hacked more than 23.5 million times in 2020¹. Create unique passwords for each account containing 12 or more characters and update your passwords every 90 days.
- Keep software up to date. 9% of data breaches were a result of a hacker exploiting bugs that had a patch available for at least a year.
- Use strong encryption. Encryption uses a math formula to make plaintext data unreadable to anyone without the decryption key, so card data is useless to criminals if it is stolen.
- Use secure remote access. Insecure remote access is one of the leading causes of data breaches for businesses. Require multi-factor authentication and unique credentials for vendors, employees or contractors who need remote access.
- Properly configure firewalls. Set the firewall to stop all untrusted data transmissions to and from your point-of-sale and payment system. Prohibit direct public access between the internet and these systems, permitting only what is necessary for sales and card processing.
- Think before you click. Every day, 80,000 people fall victim to a phishing scam: 156 million phishing emails are sent globally, 16 million make it through spam filters and 8 million are opened. Often these messages will look like they have been sent from your vendor. If you receive a message that is unexpected or out of context, call your vendor to verify the legitimacy of the email before you click or open any attachments.
- Choose trusted partners. Ask questions of your service providers. Are they adhering to PCI DSS requirements? How do they protect card data? Did you know you can ask your vendors to provide you with their PCI DSS Attestation of Compliance (AOC)?
- Provide awareness training for employees. Employees who have high levels of awareness are less likely to click a link that introduces malware. Employee training reduced the total cost of a data breach by $270,000 compared to the average total cost of a data breach ($3.92 million) in the 2019 IBM Security study².
Be sure to share this list with all employees at your site(s) so that everyone on your team stays mindful when it comes to your business's network. To keep these best practices top of mind, encourage your employees to set calendar reminders for when passwords need to be changed, check your firewall configurations anytime there's an update and keep training up to date, as fraud tactics are ever evolving.
1. Source: Top 200 Most Common Passwords of 2020 | NordPass
2. Source: What’s New in the 2019 Cost of a Data Breach Report (securityintelligence.com)