Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during this prime shopping season. Awareness, Checking security controls and Testing security now will help your business lock down your systems during the holiday rush.
Merchants looking for more information on how to secure customer payment data should visit the PCI SSC merchant site.
Plugging Security Holes with Patching
Computer experts agree that all software has flaws. That means the programmers who created the software made mistakes when they wrote the code. These mistakes are also called security holes, bugs or vulnerabilities. Hackers exploit them to break into your computer and steal account data.
You can protect systems from those attacks by applying a vendor-supplied “patch” to fix the coding errors. For example, Microsoft’s “Patch Tuesday” is a monthly event where your Windows-based system downloads a cluster of patches to fix vulnerabilities and add functionality to programs.
Experts constantly find mistakes in old software, so new patches (“updates”) are a regular event. Swift installation of software patches is crucial for vital software applications. A PCI Approved Scanning Vendor can help you – they offer vulnerability scanners that can alert you to the need for applying a patch to a particular out-of-date application.
Patching is the foundation of securing your payment system from attack during the holiday shopping season.
Here are three simple steps to protect your systems with patching:
1. Regularly scan for vulnerabilities. Vulnerability scanning tools provided by PCI Approved Scanning Vendors help you by automatically searching your network to find vulnerabilities and reporting if you need to apply a patch. Some experts say critical systems should be scanned daily. A scanning tool can do this for you automatically.
2. Apply patches swiftly. At a minimum, install critical security patches within one month of release. It’s prudent to do this immediately upon release of a patch.
3. Use automatic updates. Many applications have a setting that automatically downloads and installs updates from a vendor.
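One way to track step 2 is to check scan findings against the one-month deadline. The script below is an added example, not a PCI SSC tool: the CSV columns and sample rows are constructed, and "one month" is assumed to mean one calendar month after the patch release date.

```python
import calendar
import csv
import io
from datetime import date

# Constructed sample of scanner findings (hypothetical columns, not real scan output).
SAMPLE_FINDINGS = """\
host,application,severity,patch_released,patch_installed
pos-01,pos-client,critical,2023-10-31,
pos-01,web-browser,critical,2023-11-20,
backoffice,pdf-reader,critical,2023-10-10,2023-10-12
backoffice,media-player,low,2023-09-01,
"""


def add_one_month(d):
    """Same day next month, clamped to the month's last day (Jan 31 -> Feb 28/29)."""
    year, month = (d.year + 1, 1) if d.month == 12 else (d.year, d.month + 1)
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(d.day, last_day))


def triage(findings_csv, today):
    """Return (host, application, status) for every finding in the CSV text."""
    results = []
    for row in csv.DictReader(io.StringIO(findings_csv)):
        deadline = add_one_month(date.fromisoformat(row["patch_released"]))
        if row["patch_installed"]:
            status = "patched"
        elif row["severity"] != "critical":
            status = "pending"  # the one-month minimum applies to critical patches
        elif today > deadline:
            status = "overdue"  # critical patch still missing after the deadline
        else:
            status = "due by " + deadline.isoformat()
        results.append((row["host"], row["application"], status))
    return results


if __name__ == "__main__":
    for host, app, status in triage(SAMPLE_FINDINGS, date(2023, 12, 5)):
        print(f"{host:12} {app:14} {status}")
```

Anything reported as overdue has missed the minimum; installing critical patches as soon as they are released keeps entries from reaching that state.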
Additionally, merchants can refer to the PCI Qualified Integrators and Resellers list for companies and individuals that have been trained by PCI SSC on patching and other payment data security essentials.
Resources that can help you:
Merchants looking for more information on payment security essentials should start here: