Page 37 - Cyber Warnings - November 2015
potential threats all help to effectively ensure PCI compliance and security on an ongoing basis.
Here are five additional best practices to help you ensure PCI compliance and an overall secure infrastructure for the holiday season and beyond:
1. Remove the need to be PCI compliant, unless it’s absolutely critical. For example, don’t store credit card data and customer information unless it actually benefits your business. If you’re not storing that data, you mitigate your risk of being responsible.

2. Remove additional potentially sensitive information you’re storing, but don’t need to. Make sure you understand what additional customer data you have stored, in addition to how it is being stored. Remove the information you don’t truly need and ensure what you do keep is encrypted—if you are attacked and your customer database breached, properly encrypted data will be useless to attackers.

3. Improve network segmentation. Network segmentation, splitting the network to create “zones”, boosts performance and improves security, a win-win. The more you can do to segment the network, the easier it will be to demonstrate compliance. When it comes to compliance, some companies struggle with segmentation because they have created holes in the network over time. Don’t fall into this trap.

4. Change default passwords. PCI doesn’t allow default accounts, but it’s easy to overlook systems that are a part of the audit zone that may have default passwords. Think about all the systems and applications that fall within an audit zone.

5. Build a relationship with your audit team. Most companies use external firms to do security compliance audits. If you are in this category, make sure to have a close and ongoing relationship with your audit team so you can rely on them for best practices and recommendations.
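The second practice above (know what customer data you hold, drop what you don’t need, protect what you keep) is concrete enough to show in code. The following is an added example, not code from the article or from SolarWinds: a small Python script that scans constructed customer records for stored card numbers (Luhn-checked so ticket numbers and phone numbers aren’t flagged) and then minimizes a record by dropping the CVV, keeping only the last four digits, and replacing the PAN with a keyed HMAC token so repeat customers can still be matched without storing the number. The record layout, field names, token scheme and sample data are all assumptions made for illustration.

```python
"""Added example (not from the article): find stored card numbers, then keep
only what the business needs.  Field names, the HMAC token scheme and the
sample records are assumptions made for illustration."""
import hashlib
import hmac
import re

# A card-like run of 13-19 digits, allowing single spaces or dashes between
# digits; the look-around assertions stop it matching inside longer numbers.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by card brands; filters random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid card-number candidates found in free text."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def scan_records(records: list) -> dict:
    """Map record id -> names of fields that hold a PAN.

    This is the "understand what you have stored" step: free-text fields
    such as agent notes are a classic place for card numbers to hide."""
    hits = {}
    for rec in records:
        bad = [k for k, v in rec.items() if isinstance(v, str) and find_pans(v)]
        if bad:
            hits[rec["id"]] = bad
    return hits


def minimize(rec: dict, token_key: bytes) -> dict:
    """Strip a record down to what is needed (hypothetical field names).

    - cvv is dropped outright: PCI DSS forbids storing it after authorization.
    - pan is replaced by its last four digits plus an HMAC-SHA256 token, so
      repeat customers can be matched without holding the number.  The key
      must live outside the database (e.g. a secrets manager or HSM).
    - free-text notes are kept only with card-like digit runs masked."""
    out = {k: v for k, v in rec.items() if k not in ("pan", "cvv", "notes")}
    pan = re.sub(r"[ -]", "", rec.get("pan", ""))
    if pan:
        out["pan_last4"] = pan[-4:]
        out["pan_token"] = hmac.new(token_key, pan.encode(), hashlib.sha256).hexdigest()
    if "notes" in rec:
        out["notes"] = PAN_CANDIDATE.sub("[PAN REDACTED]", rec["notes"])
    return out


# Constructed sample data; 4111111111111111 is a well-known test card number.
SAMPLE_RECORDS = [
    {"id": 1, "name": "A. Customer", "pan": "4111 1111 1111 1111", "cvv": "123",
     "notes": "called back re: order"},
    {"id": 2, "name": "B. Customer", "notes": "card 4111111111111111 on file per agent"},
    {"id": 3, "name": "C. Customer", "notes": "ticket 1234567890123"},
]

if __name__ == "__main__":
    print("records holding card numbers:", scan_records(SAMPLE_RECORDS))
    for rec in SAMPLE_RECORDS:
        print(minimize(rec, b"example-token-key"))
```

Run the discovery step against an export of every datastore in scope before the audit; anything it flags either goes through `minimize` or gets a documented reason for being kept and an encryption control around it.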
Your security audits may not be taking place during the holiday season, but that’s when your security measures are tried and tested the most. To avoid potentially destructive security situations during this, the busiest time of the year, do what you can to ensure ongoing compliance, and take inventory of your data, your tools and your security processes.
About the Author
Mav Turner is the director of SolarWinds’ security portfolio. He has worked in IT management for over 14 years, including roles in both network and systems management prior to joining SolarWinds in 2009.
Copyright © Cyber Defense Magazine, All rights reserved worldwide