Menu

Every business needs to focus on Cybersecurity every day

By : Dustin McCreight

October 31, 2017 08:00 AM

For over 13 years, National Cybersecurity Awareness Month is observed in October to emphasize the importance of practicing vigilance in protecting computers and securing networks. Businesses must maintain laser-sharp focus on cybersecurity every day – not just during a specific timeframe as the number of U.S. fraud victims continues to rise. Despite intense efforts to combat this criminal activity, 15.4M Americans were affected by fraudulent activity in 2016, representing a 16% increase over 2015.

 

Cybercriminals are becoming progressively adept at modifying their tactics to keep pace with evolving technologies. Increased adoption of EMV cards is creating a shift to New Account Fraud (NAF) that entails criminals exploiting stolen Personally Identifiable Information (PII) from consumers – name, birthdate, social security number, etc. –  as an alternative to duplicating traditional mag stripe credit cards. In 2016, there was a 40% spike in card-not-present transactions, which involves criminals committing NAF or using stolen account information to make purchases online.

 

When we examine security risk factors in totality, whether it is a data breach focused on collecting payment card data and PII, or attempts to introduce ransomware and other malicious attacks on a network, understanding the fundamentals of securing your environment is paramount to help protect against cybercrimes. Effective preventive measures go beyond just securing payment card data, rather it focuses on the big picture of protecting your overall infrastructure by employing a number of security protocols, such as these:

  • Assess your organization’s risk of sensitive data being compromised. Make sure you know all the types of data that exist on your systems and ensure there are controls for who can access the data
  • Evaluate and understand the impact to your organization if sensitive data becomes compromised. Ensure you are prepared with strategies for not only preventing a breach, but that you have a response plan ready in the event a breach occurs
  • Determine if vendors have remote access into your environment and then take immediate actions to administer the appropriate restrictions
  • Implement a commercial grade firewall that manage inbound and outbound traffic. On sensitive network segments, such as the Cardholder Data Environment (CDE), it is imperative to configure policies that restrict traffic, except for those that are specifically defined as “trusted.” This may involve establishing policies with specific source and destinations, over specific protocols
  • Focus on securing the endpoint itself. Cybercriminals use specific tools such as key-loggers and memory scrapers for collecting sensitive data from endpoints.
  • Ensure you have an effective process for keeping systems up-to-date with security patches for all software on your system. Oftentimes, cybercriminals will exploit known vulnerabilities within software to carry out malicious attacks

 

Fortunately, in addition to traditional anti-virus products, there are many types of technologies that can help bolster the security posture of your endpoints. As an example, application whitelisting technology can prevent any “non-trusted application” from launching on the system and does not need to rely on specific definitions to do so.

 

NCR Network Security Services can help mitigate security risks for your business using these technologies and more. To get started on a plan for boosting security for your enterprise and preventing against cyberattacks, please contact your NCR representative or visit us on our website.

Dustin McCreight

Solution Manager

Other articles by this author

Dustin oversees NCR's Network and Security Services (NSS) offering which provides managed security solutions to thousands of customers across numerous business verticals. An experienced IT professional with a strong background in networking and endpoint security, Dustin possesses a unique understanding of the current security landscape as well as the numerous solutions available to help address them.