The PCI Security Standards Council released a warning earlier this week about a newly detected software vulnerability that the organization is calling 'Ghost.'
The United States Computer Emergency Readiness Team reported that Ghost affects versions of the GNU C Library (glibc) on Linux earlier than 2.18. Cyber-criminals can exploit this vulnerability to hack into a computer system and take administrative control of the network, deleting files, installing malware and stealing data. It's therefore crucial that companies invest some time and resources into making sure their systems are fully secure, especially ones that process payment card data.
The PCI Security Standards Council recommends that organizations take the following steps to ensure their security:
- Apply the appropriate patch: If your business is using the affected version of Linux, then it's important that you contact your Linux distribution vendor to receive and implement the correct patch. This will decrease the likelihood of a hacking attempt on your company being successful.
- Conduct quarterly scans: It's a good idea to conduct quarterly vulnerability scans on your software to make sure that your system's patches are properly installed and will be effective against any cyber-attacks that might occur.
- Follow regulations: By making sure your employees incorporate the appropriate security regulations into every transaction, you'll be helping to maintain strong security at your place of business. A great deal can be accomplished when a company's associates are conscientious and vigilant in their security practices.
- Test your public-facing apps: Utilize security assessment tools to confirm that your public-facing applications are secure, including those software features that allow employees to gain remote access to your systems.
- Work with your IT team: Consult your in-house professionals to identify exactly which applications, servers and systems might contain security vulnerabilities or endanger customer payment card information.
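A first-pass triage for the patching and IT-team steps above, added here as an example that is not from the PCI Council or the original article: it flags hosts whose reported glibc version is earlier than 2.18. The function names and the sample inventory are constructed. Distributions often backport fixes without changing the upstream version number, so a flagged host still needs its vendor package checked.

```shell
#!/bin/sh
# Added example: triage an inventory for glibc releases earlier than 2.18.

# Returns 0 if the version predates 2.18, 1 if not, 2 if it cannot be parsed.
# Accepts "2.17", "glibc 2.17" (getconf output) or "2.17-<release>".
glibc_predates_fix() {
    v=${1##* }                      # drop a leading "glibc " label
    case "$v" in *.*) ;; *) return 2 ;; esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%[!0-9]*}          # keep digits only: "17-3" -> "17"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    # Numeric comparison: a string compare would rank 2.9 above 2.18.
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 18 ]; }
}

# Reads "host version" lines on stdin and prints one verdict per host.
triage_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        rc=0
        glibc_predates_fix "$ver" || rc=$?
        case "$rc" in
            0) echo "$host REVIEW glibc=$ver" ;;   # confirm vendor patch
            1) echo "$host OK glibc=$ver" ;;
            *) echo "$host UNKNOWN glibc=$ver" ;;  # check manually
        esac
    done
}

# Version reported by the local C library, or "unknown" on non-glibc hosts.
local_glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null || echo unknown
}

# Constructed sample inventory (hostnames and versions are made up).
sample_inventory() {
cat <<'EOF'
pos-gw-01 2.17
web-02 2.9
db-03 2.18
legacy-05 unknown
EOF
}

{ sample_inventory; echo "localhost $(local_glibc_version)"; } | triage_inventory
```

Hosts marked REVIEW or UNKNOWN are the ones to take to the distribution vendor's advisory; OK only means the upstream version is 2.18 or later.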
The PCI Council's press release also included a more general warning from the United States Department of Homeland Security to maintain security as a top priority.
"The PCI Council reminds all organizations that a multilayered approach to payment card security that addresses people, process and technology is critical in detecting and protecting against emerging attacks and vulnerabilities, such as Ghost," the press release stated. "A daily coordinated focus on maintaining the controls outlined in the PCI Standards making payment card security a business as usual practice provides a strong defense against data compromise."
Whether or not your business is using the affected version of Linux, take this opportunity to conduct a full review of your system's security features and possible vulnerabilities. Your customers trust you to keep their payment card information private, so upgrade your credit card processing software to make sure you're receiving the most sophisticated security features currently available on the market. An investment in your business's security is always well spent and will pay you back in consumer trust and loyalty.