Protecting against a Credit Card Breach

With all of the credit card breaches that occurred during 2014 (closing out with the Chick-fil-A breach at the very end of the year), it is very important to setup defenses to ensure that your organization isn’t low-hanging fruit in the eyes of potential hackers. While it impossible to achieve a 100% guarantee against hackers bent on stealing your data, you can dramatically improve your odds against their success by taking steps to harden the network. Not doing so makes it a matter of when rather than if.

First and foremost, keep an eye on the traffic in your network! You should be monitoring inbound and outbound traffic for any significant traffic to IPs that aren’t confirmed to be within the corporate network (and even then, certain IPs shouldn’t be talking to others, so monitor for that too). When the logs display significant amounts of traffic to an IP that isn’t recognized, it is probably best to block off that IP if it can’t be determine who the other end of the tunnel leads to. Outbound traffic is important to monitor as well since rootkits installed on specific machines might be phoning private data credit card data. In both cases, a solid firewall solution is required to setup the defenses needed to protect your data.

As for intended access, such as by telecommuting employees or IT staff, it is important to secure remote access. Access to any sensitive piece of equipment in the network should be done by VPN to not only protect against attacks that have impacted the user machine, but also to defend against man-in-the-middle attacks. These types of attacks intercept data as it is transmitted, but if the data sent out is encrypted then all the attacker will receive is a bunch of useless 1’s and 0’s that won’t allow them to acquire anything of value.

Ensuring that software is up-to-date is important as well - if there is an exploit that exists for the programs being used that collect credit card data, and you haven’t patched it out, that is the equivalent of putting up a sign on your door that says ‘Attack here!’ Even if an attacker has gotten past your firewall, they still need to find the data inside the network, and one of the easiest places to start is any program that would logically work with those programs. These are usually password-protected, but if the version is out-of-date, it isn’t that hard to assume that an attacker might have an easy form of access. Note that even if the equipment in question is never connected to the internet that updates should be applied - attacks can still happen in the physical world, and if an internet-facing machine that is on the same network as the sensitive-data carrying server, it can still be penetrated, even without a direct internet connection.

Finally, the most important step in protecting against attack is to educate employees. Keep in mind that data can be stolen through lateral means, such as hacking an employee’s email address. If an attacker successfully performs a social engineering attack by pretending to be a member of a remote IT team, for example, they can use that information to set traps to steal the information that they really want. Employees might also unwittingly open the gate by using unauthorized applications (also called shadow IT) or by using compromised USB drives to copy work for use at home. Educate your employees about these potential threats to help to minimize the bad things that can occur within your network.