Franchise Update Media
Franchise Update Media Digital
Conferences Education Videos Subscribe

Protecting Customer Data: Identify and Remediate Online Vulnerabilities Now!

Do you know there's an to identify and predict how cybercriminals might get into your organization? Fortunately for already-busy franchisees, the process isn't as complicated as you may think. Vulnerability management is the simplest way for franchisees to locate and patch holes before would-be data thieves find and exploit them.

Vulnerability management is the process, implementation, and controls that identify the location of weaknesses in an infrastructure that could act as secret tunnels into your network. Ultimately, it's a critical foundation on which to build your business's network security.

While there is no such thing as being hack-proof, data thieves and cybercriminals are notoriously lazy. They would much rather go after low-hanging fruit than invest the time and trouble to break into a secured network or website. By ensuring that your business addresses and resolves known vulnerabilities, you dramatically limit your organization's exposure to hackers.

Before reading any further, you should first determine whether you have control over your own network security and vulnerability management. Some franchisors negotiate deals with vendors that take care of vulnerability management from the franchisor end. In other cases, the entire security process is up to each individual franchisee. In either case, some of the work ends up falling upon the franchisee. Since accountability varies on a case-by-case basis, I recommend that you contact your franchisor directly to discover how much of your vulnerability management is in your hands.

Managing vulnerabilities

The more systems, computers, and apps your company has, the more places a cybercriminal can find a weakness. Vulnerability management helps guard against common cybercriminal tactics such as back doors, buffer overflows, denial of service, and injection-related issues. The most common way of managing vulnerabilities is through vulnerability scanning. Other ways include:

  • developing or implementing applications created using secure coding guidelines;
  • updating security software with the most current version;
  • pre-testing and deploying vendor-supplied patches within a month of release; and
  • regularly using and updating anti-virus protection to protect systems from evolving malicious threats.

While all these tactics help impede hacker progression, vulnerability scanning is arguably the easiest way to discover holes in your business systems that cybercriminals could exploit, gain access to, and use to compromise your organization.

If your business processes, handles, maintains, stores, or transmits credit or debit card information over the Internet, you are required by the Payment Card Industry Data Security Standard (PCI DSS) to complete quarterly vulnerability scanning.

Vulnerability scans are automated, affordable, high-level tests that identify known weaknesses in software, and network structures. Some are able to identify more than 50,000 unique external weaknesses. Because cybercriminals discover new and creative ways to hack businesses daily, it's important to scan often. An added benefit of vulnerability scanning is identifying out-of-date services or missing security patches. This is a great way for you to identify patches or updates that might have been overlooked in your regular update schedule.

Make it a regular habit

Vulnerability scanning isn't just about locating and reporting vulnerabilities. It's also about establishing a repeatable and reliable process for implementing remediation month after month. Negative scan results that aren't remediated render all the scanning (and other security precautions) you just completed worthless.

After a scan completes, it's crucial to fix any located vulnerabilities on a prioritized basis. Our vulnerability support team recommends prioritizing based on risk and effort required. Continue running scans until the scan returns clean. Your PCI vendor or IT director can assist further in your vulnerability remediation and repair of vulnerabilities.

Finally, a quick note about vulnerability scans. Not all of them are created equal. It's important to ensure that a company with PCI Approved Scanning Vendor (ASV) accreditation conducts your scan. Shop around for an ASV that regularly updates their scanning engines and tests for at least 50,000 vulnerabilities. If scanning engines aren't updated regularly, criminals may easily be able to exploit the system you thought was secure. If regular scanning is important to you, select a vendor that allows you to conduct unlimited scanning without extra fees.

Vulnerability management is only a single component of PCI DSS, and not the only thing you should be doing to ensure the security of your business. However, I recommend it as one of the best things you can do to make your processing environment as secure as possible.

Luke Engelhardt is a support supervisor at SecurityMetrics, a provider of merchant data security and compliance for businesses worldwide. To learn more about vulnerability scanning, visit He can be reached at 801-995-6747.

Social Reach:

Viewer Response:

comments powered by Disqus

Hot Opportunities

Oxi Fresh Franchise Opportunity

Oxi Fresh
OXI FRESH is a GREEN Carpet Cleaning Franchise and one of Entrepreneur's...

Doc Popcorn Franchise Opportunity

Doc Popcorn
Doc Popcorn is revolutionizing the way people snack in high-traffic...

Jimmy John's Gourmet Sandwich Shops Franchise Opportunity

Jimmy John's Gourmet Sandwich Shops
Jimmy John's franchise success is built upon an unyielding commitment to...

Bricks 4 Kidz Franchise Opportunity

Bricks 4 Kidz
Bricks 4 Kidz provides project-based programs designed to teach principles...

Papa Murphy's Take 'N' Bake Pizza Franchise Opportunity

Papa Murphy's Take 'N' Bake Pizza
The world's largest, fastest growing Take 'N' Bake pizza franchise is...

Perkins Restaurant & Bakery Franchise Opportunity

Perkins Restaurant & Bakery
In today's market, the opportunity to buy a PerkinsĀ® couldn't be better...

Cheeburger Cheeburger Franchise Opportunity

Cheeburger Cheeburger
Cheeburger Cheeburger is the most creative restaurant on the Earth? Where...

Executive Care Franchise Opportunity

Executive Care
Executive Care is more than just a Senior Care company. We are a...


The Franchise Buzz:

A Franchise Update Media Group Production Franchise Update Media Group | P.O. Box 20547 // San Jose, CA 95160 // PH. (408) 402-5681
Copyright © 2001 - 2015. All Rights Reserved. Site Hosting Provided By: wishVPS on FUMG3
Your Request List:
No Opportunities Saved