As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customers’ payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on using strong passwords.
Passwords are critical for computer and payment card data security. Just like a lock on your door protects physical property, a password helps protect your business data. Computer equipment and software (including your payment terminal) often come with default or preset passwords such as “password” or “admin”. These are commonly known by criminals and are a frequent source of small merchant breaches.
When it comes to passwords, the rule of thumb is to use strong ones and change default ones. Here are a few tips to keep in mind:
- Change your passwords regularly: Treat your passwords like a toothbrush. Don’t let anyone else use them and get new ones every three months.
- Get help: Ask your vendors or service providers about default passwords and how to change them. Then do it!
- Make them hard to guess: Unbelievably, some common passwords are “password” and “123456.” Criminals try easily guessed passwords because they’re used by lots of people. A strong password has seven or more characters and a combination of upper and lower case letters, numbers and symbols (!@#$&*). A phrase can also be a strong password (and may be easier to remember), like “B1gMac&frieS” (see this infographic for quick tips).
- Don’t share: Insist on each employee having their own login IDs and passwords – never share!