Small and medium businesses around the world are increasingly at risk for payment data theft. Nearly half of cyberattacks worldwide in 2015 were against businesses with fewer than 250 workers, according to cybersecurity firm Symantec. In order to help these companies protect themselves and their customers, the PCI Security Standards Council (PCI SSC) Small Merchant Taskforce has developed a set of payment protection resources for small businesses. In this series, we highlight security basics from the Guide to Safe Payments for protecting against payment data theft.
Hackers are constantly lurking around the Internet looking for “bugs” in software they can use to break into your systems. To protect yourself, you should be checking for these bugs too.
Bugs are vulnerabilities or flaws in software, like the software that runs on your computer and systems that take and process payments. Systems that are connected to the Internet (like many payment systems) are the most vulnerable because they can be easily exploited by criminals. There are new bugs coming out all the time, and if not identified and addressed, they open up your business and payment card data to attacks by hungry hackers.
How can you protect against dangerous software bugs? The harder it is to get in, the more likely the hacker is to move on to an easier target. The key is to regularly check computers and systems connected to the Internet for these vulnerabilities and fix them. There are tools and vendors that can help you. Here are a few tips to keep in mind:
Find a scanning vendor: Talk to your bank and service provider to see if they have relationships with any PCI Approved Scanning Vendors (ASV), and for tips on selecting one with a program suitable for your small business. (See: List of PCI-Approved Scanning Vendors).
Get automated scans: Vulnerability scanning tools provided by PCI Approved Scanning Vendors help you by automatically searching your network to find bugs and reporting if you need an update, known as a “patch,” to fix them. A scanning tool can do this for you automatically.
Get help with “patching”: Ask your ASV about how to “patch” or fix software bugs and issues found in the scans (See: SMB Security Tips: There’s a Patch for That!).