Intelligent SME.tech Issue 05 | Page 27


// PREDICTIVE INTELLIGENCE //

and symbols. Using a basic laptop and readily available software, a hacker could likely crack that password within 90 seconds.

• Option 2: You generate a 15-character password with only lowercase letters. Using the same computer, the hacker would need an exponentially longer time to crack the password.

That’s a rudimentary example, but I encourage you to try some online password security calculators on your own. Although you might see different results among the various approaches, the main takeaway is that longer passwords equal stronger passwords – and the magnitude of difference can be surprisingly large.

2

Use logging and tracking for all your systems
There’s a fundamental rule in IT – if you don’t know what’s in your environment, you can’t properly secure it. Taking inventory and tracking all your systems is critical to defining the scope of your cardholder data environment (CDE) that’s subject to PCI compliance.
The first step is to activate logging and then track everything in a central area. By collecting data and reviewing your logs, you’ll quickly learn a lot about your environment. Many tools can help you automate these processes – and you can easily monitor your systems and set notification alerts for whenever something changes.
Doing so will help you detect unusual data traffic or potentially malicious behaviour, such as when an intruder attempts to access your systems. Carefully reviewing your logs will also help you identify any broken or poorly performing systems sooner. More often than not, you’ll discover easy fixes that deliver a fast ROI in terms of improving security.

3

Implement MFA everywhere you can
You’ve likely used MFA (also known as ‘2FA’) in your personal life when you’ve accessed an online financial site. After you log on, the site asks you to provide a one-time verification code sent to you via text or email.
This process of using a one-time special access code or performing a time-sensitive task is great for verification. Most MFA solutions combine two of the following factors: What you know (like a password), what you have (such as a phone or a security fob) and who you are (biometrics like a thumbprint or facial recognition).
I simply can’t recommend MFA highly enough. To put it bluntly, there’s probably no faster, easier, catch-all security improvement that helps prevent cybercrime.

Keep your PCI compliance team productive… and happy
Even if these three security recommendations seem like no-brainers, you’d be shocked at how many companies neglect to implement them. If your IT team is already on board, that’s great.
Just continue refining your security environment as you go. But if you aren’t taking advantage of these areas, there’s no better time to start. Your PCI compliance team will definitely appreciate you making their lives much easier.
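As an illustration of the central log review described under "Use logging and tracking for all your systems", the following added example (not part of the original article) flags a source address that produces a burst of failed logins and notes whether a successful login followed. The log lines, host names, addresses, threshold and time window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: sshd-style lines as a central collector might store them.
SAMPLE_LOG = """\
2024-05-01T09:00:01 pos-01 sshd[811]: Failed password for admin from 203.0.113.7 port 50112 ssh2
2024-05-01T09:00:09 pos-01 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 50113 ssh2
2024-05-01T09:00:15 db-01 sshd[420]: Failed password for root from 203.0.113.7 port 50114 ssh2
2024-05-01T09:01:02 db-01 sshd[420]: Accepted password for root from 203.0.113.7 port 50115 ssh2
2024-05-01T09:10:00 pos-01 sshd[811]: Failed password for alice from 198.51.100.20 port 40000 ssh2
2024-05-01T10:30:00 pos-01 sshd[811]: Failed password for alice from 198.51.100.20 port 40001 ssh2
2024-05-01T10:30:30 pos-01 sshd[811]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return one alert per source reaching `threshold` failed logins inside `window`."""
    recent = defaultdict(list)  # src -> failure timestamps still inside the window
    hosts = defaultdict(set)    # src -> every host on which that source failed a login
    alerts = {}                 # src -> alert record
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unrelated or malformed line
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        if m["result"] == "Failed":
            hosts[src].add(m["host"])
            # Drop failures that have aged out of the window, then add this one.
            recent[src] = [t for t in recent[src] if ts - t <= window] + [ts]
            if len(recent[src]) >= threshold:
                alerts.setdefault(
                    src, {"src": src, "hosts": hosts[src], "login_after_burst": False}
                )
        elif src in alerts:
            # A success from an already-flagged source needs immediate review.
            alerts[src]["login_after_burst"] = True
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG):
        print(alert)
```

The second source in the sample fails twice more than an hour apart and then logs in, which looks like a mistyped password and stays below the threshold.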