Challenges of PCI-Compliant Multi-Factor Authentication
In the era of ever-evolving cybersecurity threats, Multi-Factor Authentication (MFA) has emerged as a hallmark of robust user authentication. While the premise of MFA is straightforward, implementation nuances can introduce significant complexities, especially when aligning with Payment Card Industry (PCI) guidelines. The distinction PCI makes between multi-factor and multi-step authentication (MSA) presses developers into a challenging trilemma. This article explores this trilemma, the real-world MFA practices of major internet platforms, and the pitfalls in the PCI guidance.
Attention: Services Providers - Clients want to know how you protect their data
It would be careless to do business with someone before doing your homework. You need to make sure you understand exactly what you are getting into and that the other party is open, honest and acting with an acceptable standard of care. Conducting due diligence is common practice with today's business interactions. You see investigations into a company's financials, personnel, and business practices. With the cyber security environment we have today, IT and information security reviews during due diligence investigations are being given a higher priority as well.
IT Risk Assessment
To prevent any risk of a security breach, it is always a good idea to conduct a periodic risk assessment. A risk assessment will help identify the areas where your company is most susceptible to an attack from a hacker or thief. The fall-out from a security breach is enough to shutdown any business, but has the greatest impact on small businesses. In the event of a security breach a business could be hit with fines, additional compliance requirements, as well as bad publicity, any of which could be enough to force a business to close its doors and be out-of-business. Making security a priority and routinely assessing your security posture can protect your company against potential threats and reduce its risk exposure.
Wi-Fi for SMB - Things to Consider
I came across a good little article [^1] earlier in the week about setting up guest Wi-Fi and I think it should really hit home with many small business owners. Simply throwing up a wireless access point and connecting it to the rest of your network so guests can have internet access is a great way to cause yourself a whole lot of pain. Not only does doing something like that have harsh PCI compliance ramifications, your systems are wide open to anyone connecting to your Wi-Fi. Depending on the range your access point allows you could have a data breach without the attacker even setting foot on your property giving any physical controls you may have in place a zero chance of working.
Weekly Wrap Up Oct, 3 2014
This week's wrap summarizes the Jimmy John's data breach and the breach on Japan Airlines.