A security breach is a high-impact event for companies of all sizes, placing sensitive data and the business’s reputation at risk. From the time of the breach, how it’s managed becomes critical as all aspects of information are now at risk – from personal information to payment information. Every business, no matter what industry they operate in or their size, should have a plan that outlines how to deal with a security breach.
In a recent episode of PayFAQ: The Embedded Payments Podcast, we spoke with Jessica Kirkpatrick, Senior Director of Risk, Fraud, and Underwriting at Payrix to discuss what happens after a breach. She helped outline how software companies can detect security breaches early, contain the breach if they occur, and help prevent them from happening in the first place.
How software companies can detect a security compromise
Too often, software companies find out about a breach because their customers contact them when they’re no longer receiving funds or notice unusual account activity. In these situations, the impact can be costly for the merchant and the software company. Regularly monitoring systems for a range of activities can help detect potential breaches early.
Key things to look out for include:
- suspicious network activity, such as unusual file transfers or login attempts
- sudden changes to critical infrastructure, system passwords or accounts
- suspicious network files that may or may not have been encrypted
- unusual banking activity and transactions
What are the first steps when a data breach occurs?
If a data breach occurs, software companies need to assess the damage and act swiftly to limit the impact. Software companies should:
- contain the breach and conduct a thorough investigation
- identity how the breach occurred and what system/s were accessed
- change passwords for the company and all merchants as well as their portfolios
- implement multifactor authentication when changing passwords
Next, gather facts and assess the risk
Once initial measures have been taken to contain the breach and protect the software company and its merchants, the extent of the damage and associated risk need to be assessed and mitigated. At this stage, companies should:
- evaluate the risk, including potential harm to individuals
- take action to remediate the risk of harm
- notify individuals impacted by the breach
- review the incident and implement measures to prevent future breaches
Implement measures to prevent future breaches
Moving forward from a security breach, the software company should implement ongoing measures to prevent future breaches. These measures include but are not limited to:
- managing access, such as implementing multi-factor authentication
- whitelisting IP addresses
- controlling and monitoring access for anyone who accesses the network
- create multiple approval levels and regularly review permissions
- educate employees and merchants on establishing robust cybersecurity policies
- avoid unfamiliar websites and downloads
- educate employees and merchants on common attack methods
- keep systems and firewalls updated, including antivirus protection, wifi network security, patch management systems, automated browser updates, and using a VPN when on public wifi
The biggest mistake is to do nothing
If a security breach occurs, the most dangerous course of action is to do nothing. Not only can this further damage a company’s reputation, but leaving vulnerabilities exposed can attract fraudsters to carry out another attack. Once the initial stages of a security breach are managed, the software company should then educate employees and merchants on preventative measures they can implement to contribute to the security of the entire organization.
Protect your platform with Payrix
Many companies don’t find out about security breaches on their software platform until the damage is done. Their users may stop receiving funds or start seeing unrecognized activity on their platform. Payrix helps software companies proactively address security to protect both their platform and its users. Listen to the PayFAQ: The Embedded Payments Podcast episode with Jessica Kirkpatrick, Senior Director of Risk, Fraud, and Underwriting at Payrix, for more information about what to do when a security breach occurs.