Data Breach Prevention / Pci Compliance Tip Of The Week

Submitted by: Anx Regalix

Happy Friday everyone! It’s been another week in the trenches talking to merchants and corporations about PCI compliance and data breach prevention. I’m doing a weekly blog summarizing some key observations. My objective with this blog is to bolster knowledge, dispel myths, and spread valuable information on various topics within the PCI compliance realm.

Data Breach Prevention/PCI compliance Tip of the Week: Change your default passwords!

A stifling amount of large data breaches involving sensitive information center around a common and highly preventable mistake; not changing default passwords! This is one of the top methods of attack that hackers use to penetrate a network. In fact, password breach is consistently near the top of the list of data breach root causes. Let s take a look at the top 5 most common default passwords:

1. Password

2. changeme

3. welcome

4. password1

[youtube]http://www.youtube.com/watch?v=1tREiSBR1uk[/youtube]

5. abc123

Not changing default passwords is akin to leaving the key in your front door at night. Hackers can easily cycle through common passwords. Once they crack a password on one system; they immediately try the same password on other systems. All too often, they’ll find success with each subsequent breach attempt.

Password Tips:

Many of the people I spoke to this week did not have a policy that addressed password changes or complexity. A surprisingly large amount of people fail to realize that a strong password policy can significantly reduce the risk of a data breach. Now that you have this week s data breach prevention tip, let us go over some strong password selection criteria.

Do NOT use a variation of your name

Do NOT use a variation of your company s name or product

Do NOT use the name of a local entity (i.e. local icons, sports teams, etc.)

Do NOT use the same password that you use for multiple accounts (i.e. FB, Twitter, online banking, etc.)

REMEMBER that length and variation are both essential in formulating a data breach immune password. A password with three characters has 857,000 possibilities while a password with seven characters has over 69 trillion. Adding just a couple more characters to your password leads to an exponential increase in password security.

Stay tuned next week for another Data Breach Prevention/PCI Compliance Tip!

Company Background

ANXeBusiness Corp. (“ANX”) is owned by One Equity Partners (“OEP”), which makes private equity investments behind compelling business ideas and strong management teams. Established in 2001, OEP manages $8 billion of investments and commitments for JPMorgan Chase & Co. in direct private equity transactions. OEP acquired ANX in October 2006 from Science Applications International Corp. (SAIC), which had formed ANX in 1999 following the acquisition of the ANX Network from The Automotive Industry Action Group (AIAG.)

Prior to December 2006, the ANX core business consisted of an approved and mandated network for providing mission-critical data connectivity and transaction delivery solutions to the North American automotive industry including the original equipment manufacturers (“OEMs”) and the supporting vendors in their supply chain. Since being acquired by OEP, ANX has grown organically and through the following acquisitions:

Management Information Systems Group (MISG); December 2006. The MISG acquisition gave ANX a strategic position with customers in the automotive aftermarket who need B2B Transaction Management products and services to run their businesses efficiently. ANX supports customers with traditional EDI services, VAN consolidation, outsourced data translation and fully managed B2B collaboration and optimization, and is the only multi-provider of products and services in this area. ANX acquired MISG from the Motor Equipment Manufacturers Association (MEMA) and has operations for this piece of its business in Research Triangle Park, NC.

Virtual Services, Inc. (VSI); July 2007. Through its acquisition of VSI, ANX obtained a strategic position in the Product Lifecycle Management (PLM) portion of the extended supply chain. ANX is positioned to deliver products and service to companies that are deeply involved in the product development cycles for such industry verticals as Automotive and Transportation and Aerospace.

VPN Division of Positive Networks; September 2008. ANX added an award-winning remote access service suite with the acquisition of Positive Network’s VPN division. These products enable remote employees and vendors to securely connect to company resources through a cloud-based, software-as-a-service product. This acquisition established ANX as a major provider of IT solutions to the healthcare industry.

VPN assets of CSCI; October 2008. The acquisition of CSCI’s OfficeScreen managed security business further strengthened ANX’s capabilities in the retail sector and added a number of valuable channel sales partners.

S2S Communications; February 2010. The acquisition of S2S Communications added broadband and managed network services capabilities to the ANX product portfolio. Specific services include enterprise connectivity and transport aggregation across North America, VPN monitoring and management, and event log monitoring.

ETSec, Inc.; February 2010. The acquisition of ETSec expanded ANX’s managed security services portfolio and bolstered its cloud-based security offerings. ETSec provides managed security services to Fortune 1000 clients. The acquisition deepened ANX’s proficiency in the healthcare, laboratory and medical supply chain verticals.

TruArx, Inc.; August 2010. The acquisition of TruArx established ANX as a leading provider of IT Governance, Risk and Compliance (GRC) solutions and further strengthened ANX’s position in the security and compliance markets. ANX now provides over 16,000 clients with cost-effective, easy-to-implement IT governance, risk and compliance solutions, including the flagship product, TruComply. This software-as-a-service solution lets organizations quickly implement and continuously review control status to improve protection and reduce the cost of compliance and risk.

About the Author: To know more about this

anx.com/blog/view/data-breach-prevention-pci-compliance-tip-week

Source:

isnare.com

Permanent Link:

isnare.com/?aid=1394879&ca=Computers+and+Technology