Small and medium businesses around the world are increasingly at risk for payment data theft. Nearly half of cyberattacks worldwide in 2015 were against businesses with fewer than 250 workers, according to cybersecurity firm Symantec. In order to help these companies protect themselves and their customers, the PCI Security Standards Council (PCI SSC) Small Merchant TaskForce has developed a set of payment protection resources for small businesses. In this series, we highlight security basics from the Guide to Safe Payments for protecting against payment data theft.
63% of confirmed data breaches in 2015 involved taking advantage of weak, default or stolen passwords, according to the latest Verizon Data Breach Investigations Report.
Passwords are critical for computer and payment card data security. Just like a lock on your door protects physical property, a password helps protect your business data. Computer equipment and software out of the box (including your payment terminal) often come with default or preset passwords such as “password” or “admin”. These are commonly known by criminals and are a frequent source of small merchant breaches.
When it comes to passwords, the rule of thumb is: use strong ones and change default ones. Here are a few tips to keep in mind:
- Change your passwords regularly: Treat your passwords like a toothbrush. Don’t let anyone else use them and get new ones every three months.
- Get help: Ask your vendors or service providers about default passwords and how to change them. Then do it!
- Make them hard to guess: The most common passwords are “password” and “123456.” Criminals try easily guessed passwords because they’re used by half of all people. A strong password has seven or more characters and a combination of upper and lower case letters, numbers and symbols (like !@#$&*). A phrase can also be a strong password (and may be easier to remember), like “B1gMac&frieS” (See this infographic for quick tips).
- Don’t share: Insist on each employee having their own login IDs and passwords – never share!