PCI Free Blog

Thieves’ Favorite Targets – Is Your Business at Risk?

Last week on the blog we highlighted the types of businesses, namely food and beverage services (e.g. restaurants), that are the most frequent victims of cyber-crime. Becoming PCI compliant and maintaining your PCI compliance is the easiest, fastest and most complete way to protect your customers’ sensitive authentication data and, by extension, your business’s proprietary data. Though restaurants and other parts of the food and beverage service industry are attacked by hackers most often, some other business types and formats have also been observed to have a higher incidence of data breaches. We’re not saying get out of the business you’re in if you are at higher risk; just be aware that hackers view your business as a higher-value target.
A major industry QSA (qualified security assessor) published a report this year compiled from a series of investigations and vulnerability tests conducted throughout 2011. Chain stores and franchises exhibit a characteristic that is particularly attractive to data hackers: these businesses tend to run the same IT systems in all of their locations because uniformity makes deployment easier. It follows that if a hacker circumvents one location’s network security, the same approach will likely overcome the other locations as well. In 2011 over 30% of all data breach investigations according to the QSA and they predict that percentage will rise this year.
Among the findings in the report, it was noted that businesses are far too lax about their password requirements. In an analysis of over two million passwords used by businesses, the most common was found to be Password1, which satisfies the standard default requirements of at least one capital letter, at least one lower-case letter and at least one number. To add a new dimension of complexity and an exponentially larger number of possible combinations, have your IT systems administrator also require a symbol (a non-letter, non-number character).
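As an added illustration (example code written for this post, not from the QSA report), the check below shows why Password1 passes the default three-class rule but fails once a symbol is required, and goes one step further than the paragraph by also rejecting well-known choices, since a password like Password1! satisfies the symbol rule yet remains predictable. The small common-password list is constructed for the example.

```python
import string

# Constructed sample of common passwords for illustration only (not the
# report's data); a real deployment would use a much larger blocklist.
COMMON_PASSWORDS = {"password1", "password", "welcome1", "123456"}


def has_classes(password: str, require_symbol: bool) -> bool:
    """True if the password has an upper-case letter, a lower-case letter
    and a digit, plus a non-alphanumeric character when require_symbol."""
    checks = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
    ]
    if require_symbol:
        checks.append(any(not c.isalnum() for c in password))
    return all(checks)


def meets_default_policy(password: str) -> bool:
    """The default rule described in the post: upper + lower + digit."""
    return has_classes(password, require_symbol=False)


def meets_strengthened_policy(password: str) -> bool:
    """Symbol required, and the letters/digits must not spell a known
    common password (so "Password1!" is still rejected)."""
    if not has_classes(password, require_symbol=True):
        return False
    stripped = "".join(c for c in password if c.isalnum()).lower()
    return stripped not in COMMON_PASSWORDS


def keyspace(length: int, with_symbols: bool) -> int:
    """Number of possible passwords of the given length drawn from
    letters+digits (62 characters) or letters+digits+punctuation (94)."""
    alphabet = len(string.ascii_letters) + len(string.digits)
    if with_symbols:
        alphabet += len(string.punctuation)
    return alphabet ** length


if __name__ == "__main__":
    for pw in ("Password1", "Password1!", "Tr0ub4dor&3"):
        print(pw, meets_default_policy(pw), meets_strengthened_policy(pw))
    print(keyspace(8, True) / keyspace(8, False))  # roughly 28x larger
```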
One of the most interesting discoveries in the QSA’s report is that there is a specific hour of the day that is the riskiest. If you are one of those who tend to open emails immediately when they arrive (unlike me, who lets them pile up), then know that the most common time for an email with a malicious attachment to be sent is between 8:00 a.m. and 9:00 a.m.
Is your business PCI compliant? If not, it’s time to ask yourself why. Network and data security are becoming more integral to our lives every day, especially in business. Visit our home page today to find out how your business can become PCI compliant and maintain its PCI compliance at no cost to you.
