Penetration Testing Offers Data Breach Protection
What is penetration testing?
Penetration testing is a powerful means of preventing intrusion into your network and systems. It is performed by experts possessing the same experience, knowledge and skills as the most infamous Internet hackers.
Penetration testing probes for specific weaknesses, such as technical flaws that make your system vulnerable to hackers. Using a combination of automated tools and manual techniques, testers examine the software and devices within your system, inspect web applications and databases, and search for malicious intrusions such as adware and spyware. Tests are also performed on various data security measures, including firewalls and intrusion detection systems.
Afterwards, you will receive a risk assessment that provides a detailed outline of the steps you need to take to eliminate vulnerabilities and greatly improve your data security.
Does my business need penetration testing?
Penetration testing of networks and Internet applications — both externally and internally — is required of organizations accepting payment cards in order to be PCI compliant. It’s also an essential practice for any organization concerned about protecting its data, intellectual property and business continuity.
The Payment Card Industry Data Security Standard (PCI DSS) states that “Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.” More specifically, Requirement 11.3 specifies that any business that accepts credit cards must “Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment).”
What impact would a data breach have on my small business?
In its 2011 U.S. Cost of a Data Breach Study, the Ponemon Institute reports that the average organizational cost of a data breach was $5.5 million. While the penalties for a security breach that occurs while you are out of compliance can be substantial, they are only part of the damage that a data security breach can do to your business. The damage a company experiences following a data breach has lasting negative effects on brand equity and reputation.
Additionally, if your security is compromised while you are out of compliance, you run the risk of losing your merchant account, rendering you unable to accept credit cards. Merchants who lose their accounts are placed in the Visa/MasterCard Terminated Merchant File and are ineligible for another merchant account for several years. These devastating results can destroy your credibility and customer loyalty, and ultimately put you out of business.
To determine if your business is PCI compliant, complete a self-assessment questionnaire. For more information on penetration testing and improving your security by maintaining compliance, contact your TransFirst® merchant services representative.