What Wannacry Taught Us About Security

The Attack

“Wannacry” was a recent ransomware attack that victimized hundreds of thousands of merchants globally.  It exploited a vulnerability in Microsoft operating systems, which has since been resolved although the malware continues to spread through retailers systems via two methods:

  • The ransomware is disguised as an email attachment, which attacks the system when a user opens and downloads it.
  • A worm on a system that was already infected looks for other systems vulnerable to the attack and targets them.

The effects of this attack were devastating for the infected merchants in terms of financial loss, reduced consumer trust and the loss of confidential data. All merchants, whether or not they were targets of the attack, can benefit from adopting security measures and best practices to protect their sensitive information and bolster their systems against potential threats in the future.

Keeping Sensitive Information Secure

When it comes to consumer data, specifically payment information, security is an essential part of building customer loyalty. When consumers grant companies access to their private information, they are entrusting the business with the responsibility to keep that data secure.  There are a number of security solutions that Fidelity offers to keep information safe in the event of a system breach.

  • Fidelity’s PCI portal allows merchants to complete their PCI compliance obligations, as well as monitor the security of their firm using the PCI scanner tool. This scan can alert merchants to flaws in their system that can be corrected for maximum security.
  • Merchants should never keep full credit card numbers on file. Tokenization keeps credit card data offsite, so in the event of a data breach, customer data remains secure because it was never stored on the system to begin with.
  • For in-store transactions, EMV is a must. Not only does it reduce chargeback liability, but it also transmits payment information in a secure manner that is less vulnerable to data breaches.  
  • Online card testing scenarios and the like also have an array of fraud solutions, many of which are automated with Fidelity’s secure payment forms. Additionally, add-ons such as captchas and an online fraud solution help reduce fraudulent transactions.

Preventing Virus Intrusion

Aside from implementing the above-mentioned steps, it is critical for businesses to train their employees on safe computer usage habits. Specifically, by following safety best practices, companies can be better equipped to protect themselves against future data breaches:

  • Make sure that your operating systems are updated on all user workstations
  • Use comprehensive security tools to detect malware
  • Instruct employees never to download a questionable email attachment
  • Ensure that a firewall is in place at all times
  • Create a security-conscious culture in the workplace

Conclusions

Making security a priority is putting your customers at the forefront of your business strategy. Strong security builds consumer trust and prevents the significant hassles that result from a breach. By ensuring that sensitive data is kept secure and off-site and that security best practices are integrating within company culture – businesses can build an infrastructure that is both safe and efficient for years to come.