As small and medium businesses re-open following the pandemic, it is important to do so securely in order to protect customers' payment card data. Too often, data breaches result from vulnerabilities that were entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today's blog focuses on keeping software patched.
Unpatched software is one of the leading causes of data breaches for businesses. Software regularly contains flaws introduced by mistake when the code was written. Vendors issue updates, known as patches, to fix these vulnerabilities. When a business does not apply the patches its vendors release, attackers exploit the now publicly known vulnerabilities to break into its computers and systems and steal payment data.
Timely installation of security patches is crucial to minimize the risk of a breach. To apply patches quickly, you need to know how each piece of software receives its patches and who is responsible for applying them (it could be you!).
Here are some tips to keep in mind:
Identify which vendors send you patches: Make a list of the vendors that send you patches, including the vendors of your payment terminal, payment applications, other payment systems (tills, cash registers, PCs, etc.), operating systems (Android, Windows, iOS, etc.), application software (including your web browser), and business software.
Talk to your vendors about patches: Make sure your vendors keep your payment terminals, operating systems, etc. up to date so they can support the latest security patches. Ask them how patches are applied (some install automatically when they become available) and who is responsible. Find out how they notify you of new security patches, and make sure you receive and read these notices. (See this infographic for quick tips.)
Install patches: Follow your vendor's instructions and install patches as soon as possible.
Don't ignore e-commerce: If you sell online, look out for patches from your payment service provider. Ask your e-commerce hosting provider whether they patch your system (and how often). Make sure they keep the operating system, e-commerce platform, and/or web application up to date so it can support the latest patches.
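The tips above boil down to keeping a simple register: for every system that handles payment data, who issues the patches, who applies them, and when it was last patched. The script below is an added example (not part of the original PCI SSC post) of such a register with a check that flags systems with no assigned owner, an unknown patch date, or a last patch older than an assumed 30-day limit. The system names, vendors and dates are constructed sample data, and the 30-day threshold is an assumption you should replace with your vendors' guidance.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class PatchedSystem:
    """One system in the business that receives security patches."""
    name: str
    vendor: str                    # who issues the patches
    owner: str                     # who applies them: "vendor", "hosting provider", "you", or "" if unknown
    auto_update: bool              # True if patches install automatically when released
    last_patched: Optional[date]   # None means nobody has confirmed a date
    max_age_days: int = 30         # assumed limit; adjust to your vendor's guidance


def patch_findings(systems: List[PatchedSystem], today: date) -> List[Tuple[str, str]]:
    """Return (system name, problem) pairs for every system that needs attention."""
    findings: List[Tuple[str, str]] = []
    for s in systems:
        # Tip: know who is responsible (it could be you!). An empty owner means nobody is.
        if not s.owner:
            findings.append((s.name, "no one is assigned to apply patches"))
        # Tip: ask the vendor or hosting provider whether and when they patch.
        if s.last_patched is None:
            findings.append((s.name, "last patch date unknown; ask the vendor or provider"))
        else:
            age = (today - s.last_patched).days
            if age > s.max_age_days:
                findings.append((s.name, f"last patched {age} days ago, limit is {s.max_age_days}"))
    return findings


def sample_inventory() -> List[PatchedSystem]:
    """Constructed sample register; names, vendors and dates are made up for this example."""
    return [
        PatchedSystem("POS terminal", "Terminal Vendor Ltd", "vendor", True, date(2021, 5, 20)),
        PatchedSystem("Back-office Windows PC", "Microsoft", "you", False, date(2021, 3, 1)),
        PatchedSystem("Web shop platform", "ShopHost Inc", "hosting provider", True, None),
        PatchedSystem("Card reader app (Android)", "App Vendor", "", True, date(2021, 5, 25)),
    ]


if __name__ == "__main__":
    # Review the register as of a fixed date so the output is reproducible.
    for name, problem in patch_findings(sample_inventory(), date(2021, 6, 1)):
        print(f"{name}: {problem}")
```

Run it once a month (or whenever a vendor notice arrives) and clear every finding before you move on: assign an owner, confirm the date with the provider, or apply the patch. A system that is auto-updated still needs a confirmed date, because "automatic" only helps if the update actually ran.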
Still working from home? Take this 45-minute training to ensure your work set-up is secure: New Training: Work from Home Security Awareness