As you may know, the battle between hackers, malicious software, and data security gurus is a continual game of cat and mouse. Some of you have heard the adage about data breaches: “it’s not a matter of if, it’s a matter of when.”
In the data security arms race, bad guys are using very sophisticated means of exploiting computer networks around the world. These same tools are available for purchase or rental in criminal forums on the dark net. Although your first thought may be that they won’t come after you because you’re “not one of the biggies,” you should know that over 90% of data breaches affect small and medium businesses. Much of this is scary, and you may feel somewhat helpless. However, there are tools that can help, with some effort.
First, we mention the importance of PCI compliance. Yes, the groans are audible as no one likes compliance – we don’t like to be told we have to do something that may distract us from running our business. However, about 1 in 5 businesses fail after a data breach due to related costs and reputation damage. It’s a very real risk. As a compliance framework, PCI’s goal is to be a tool that helps point out the weakest points in your network and data security so that they can be addressed.
As the first generation that has had to manage today’s technology, it’s important to understand that computer technology requires management. The “set it and forget it” approach will bring risks to your business. If we don’t have internal technical staff to manage it, we may have to contract with external IT resources to properly manage the systems that contain not only our business and employee information, but also the sensitive information on our customers – including credit card data.
A basic protection we should be using is an anti-virus/anti-malware solution, which we’ll refer to simply as “a/v.” These solutions are changing a lot right now as they migrate from being signature-based (the a/v can only recognize malicious software that has already been added to a database of known threats) to next-generation a/v, which may use artificial intelligence, machine learning, or applied mathematics to do its job. The effectiveness of signature-based a/v has come under fire for being too slow and for relying on malicious software being added to a database before you are protected from it.
Some of the next-generation a/v solutions can recognize malicious software in real time. You can imagine the benefit. We are linking a recent related article from the Wisconsin State Journal.
We should also mention that we are currently working with our PCI compliance partner, Trustwave, on developing a security tools bundle that will be available to our customers. The tools will include an a/v solution and other services to help our customers secure their computer networks. One of the best parts is that they will also help fulfill a number of PCI-related requirements. Please watch for future communication on this.