Security and compliance have been two of the more important topics of conversation among retailers for several years now, as some of the most devastating and massive data breaches took place within this sector. Although payment data is not necessarily the most sought-after information among cybercriminals, that distinction now belonging to the more valuable health care category, regulators, watchdogs and law enforcement are not slowing their efforts to ensure the safety of retail and transaction processing activities.
So much of the conversation has related to the management and encryption of data, as well as to provisioning new card technology, point-of-sale systems and other tools that reduce the risk of a breach. However, one component that has been left out, and could easily be viewed as a glaring omission, is network security, which will only become more critical to compliance as mobile payments catch on.
The brass tacks of network security
Retailers need to remember that the payment data within transactions travels across networks, mobile or otherwise, and those channels need to be checked regularly if protection is to be managed comprehensively. After all, focusing only on endpoints or on the data itself will go a long way toward defending information from exposure, but it will not necessarily make any difference with respect to theft.
It is worth noting that several researchers have shown that even the most complex encryption ever created can still be broken by skilled hackers, which is why total management of systems, including network monitoring, is so important. Information Age recently listed some of the main considerations to keep in mind in this conversation, affirming that penetration testing of web applications is critical, and that patch management should take place relatively frequently across infrastructure and systems.
According to the news provider, business leaders will also want to become a bit more intelligent and diligent in their creation and management of admin privileges, usernames and passwords, as access control is perhaps the most powerful weapon against network intrusions. Identity and access management solutions can help retailers ensure that the only individuals capable of acquiring sensitive information are authorized to do so.
Finally, Information Age noted that segregating networks can be helpful for certain types of environments, pointing out that those which contain cardholder data are certainly relevant to this process, and that firewalls need to be correctly configured at all times to avoid vulnerabilities.
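As an added illustration of the segmentation point above (example code written for this page, not from the article or from Information Age), the script below checks a simple firewall rule list against a constructed address plan: every flow that can reach the cardholder data environment must be explicitly justified, and the rule set must end in a default deny. The zones, ports and the rule tuple format are assumptions made for the example.

```python
import ipaddress

# Constructed sample address plan (an assumption for this example, not from the article).
CDE = ipaddress.ip_network("10.10.0.0/24")   # cardholder data environment
POS = ipaddress.ip_network("10.20.0.0/24")   # point-of-sale terminals
CORP = ipaddress.ip_network("10.30.0.0/16")  # general corporate LAN

# A rule is (src, dst, port, action); src/dst are CIDRs or "any", port is an int or "any".
def _overlaps(cidr, zone):
    return cidr == "any" or ipaddress.ip_network(cidr).overlaps(zone)

def segmentation_findings(rules, allowed):
    """Return findings for allow rules that let traffic into the CDE.

    `allowed` is a set of (source_zone, port) pairs the business has explicitly
    justified, e.g. {(POS, 443)} for terminals reaching the payment application.
    Any other flow that can reach the CDE is flagged, as is a rule set that does
    not end with an explicit default deny. Rule ordering is otherwise not modelled.
    """
    findings = []
    for n, (src, dst, port, action) in enumerate(rules, 1):
        if action != "allow" or not _overlaps(dst, CDE):
            continue
        if src != "any" and ipaddress.ip_network(src).subnet_of(CDE):
            continue  # traffic inside the CDE is not a segmentation question
        if src == "any" or port == "any":
            findings.append(f"rule {n}: broad access to CDE ({src} -> {dst}:{port})")
            continue
        src_net = ipaddress.ip_network(src)
        if not any(src_net.subnet_of(zone) and port == p for zone, p in allowed):
            findings.append(f"rule {n}: unjustified flow into CDE ({src} -> {dst}:{port})")
    if not rules or rules[-1] != ("any", "any", "any", "deny"):
        findings.append("rule set does not end with an explicit default deny")
    return findings

# Weak: a flat network in which anything can reach the cardholder data environment.
WEAK = [("any", "any", "any", "allow")]

# Corrected: only POS terminals on the payment port, then deny everything else.
CORRECTED = [
    (str(POS), str(CDE), 443, "allow"),
    ("any", str(CDE), "any", "deny"),
    ("any", "any", "any", "deny"),
]

ALLOWED_FLOWS = {(POS, 443)}

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("corrected", CORRECTED)):
        print(name, segmentation_findings(rules, ALLOWED_FLOWS) or ["no findings"])
```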
Not an option
Again, although the majority of security and compliance conversations have been linked to the data itself, retail leaders who want to truly reduce their level of risk need to also focus on the back-end systems used to collect, store and transmit sensitive information. Hackers are becoming increasingly skilled at identifying vulnerabilities and capitalizing on them, but more comprehensive adherence to PCI DSS and other best practices will help retailers reduce the number of pathways cybercriminals have into data storage environments.