With the confirmation of yet another credit card data breach, it is becoming increasingly imperative that companies take immediate action to secure their networks and systems which process credit cards, including all point of sale (POS) devices. The latest victim of data breach is Hershey Park, who has confirmed that malicious software had been unknowingly installed on their payment card system. According to recent information, the software that was installed was designed to steal the data while it was being transmitted to the payment processor. It is extremely important that companies take a variety of steps to prevent similar compromises from happening within their organization.
First, companies must ensure that they are using up-to-date compliant credit card processing mechanisms. A great example of a solution rising up to fill this need, especially within the point of sale realm is Point by VeriFone. Their solution offers such features as EMV Chip Card support, complete end-to-end encryption (E2EE), and NFC support for certain providers. They strive to protect data from the second it is swiped or inserted all the way back to payment processor.
Second, companies must ensure that their networks are properly segmented, secured, and have proper access control systems in place. It is vital that companies separate their payment card systems from the rest of their networks in order to limit the vector by which they can be attacked. These areas should then be enclosed in tight access security controls, which should include multi-factor authentication as a one of those access controls. For more information on network segmentation and its importance, continue reading here.
Third, it is crucial that companies employ a strong antivirus/anti-malware and endpoint protection solution that is designed to protect against emerging threats and attacks just as much as it is designed to protect against known threats. Sophos’s endpoint protection solution does an incredible job in this area by providing a combination of detection mechanisms including signature-based, behavioral analysis, and heuristic scanning. Further reading on why signature-based-only detection is not sufficient is available here.
Ultimately, there are many things that can be done to protect your organization and limit the scope via which you can be attacked. The aforementioned steps should be considered a starting point, not a complete solution. In any case, regardless of where your company currently stands with their security footprint, it is never too late to begin increasing your security stance.
For more information, security audits, remediation assistance, or other consulting/professional services, contact firstname.lastname@example.org or 855-477-4842.
DataPrivia, Inc. is an information technology and information security company comprised of innovative technology experts. We provide managed and professional services across the United States with offices located in Nashville, TN, Dallas, TX, and Lynchburg, VA.