The PCI Security Standards Council released a statement earlier this week warning about a recently discovered software vulnerability that security experts are calling ‘Ghost.’
The United States Computer Emergency Readiness Team, a division of the Department of Homeland Security, reported that Ghost affects Linux GNU C Library versions released before version 2.18. Cyber-criminals can exploit this weak spot to hack into the system and achieve administrative access, allowing them to delete files, steal data and install malware.
The PCI recommended that businesses take the following steps to bolster security:
- Apply the patch: If your system is compromised, ask your company’s Linux distribution vendor for the appropriate software patch. Implement the patch immediately, so your data can remain secure.
- Conduct scans: Make sure your team is conducting quarterly vulnerability scans to monitor the status of your security system. This will ensure that any patches you have used are working correctly.
- Consult IT professionals: Ask a team of professionals to identify any servers or systems that may be affected by Ghost.
- Review security practices: Take some time to review proper security procedures, guidelines and precautions with your employees. Security is in the hands of each individual who works with your business, so education is crucial for keeping data secure.
“A multilayered approach to payment card security addressing people, process and technology is critical in detecting and protecting against emerging attacks and vulnerabilities such as Ghost,” said The PCI SSC release.
If you haven’t upgraded your point of sale computer systems in a while, now is the time to make sure your security is in good shape. An investment in high-quality software will help protect your customers’ payment card information, while giving them an efficient transaction experience.