Credit Card and Software

Cybercrime Prevention The fate of Target when it comes to cybercrime is fairly well known. They hit the headlines for all the wrong reasons when their customers' credit card information was exploited during a holiday season in recent years. Given that and given the ominous and ever-present threat of cybercrime, this brief report shall serve as a good guideline to help prevent cybercrime events and damages, or at least mitigate them.

The lessons learned from Target's own breach are on full display in this report but there are other real-world lessons, events and principles that should also be considered and remembered.

Best Practices Invest in Software & Hardware • Do not go cheap or cut corners on hardware • Do not go cheap or cut corners on software • Make sure all software is fully functional and licensed • Ensure uptime of all systems is as close to 100% as possible • Use modern and state of the art hardware and software • Avoid using wireless internet when at all possible • NEVER use wireless internet to transmit credit card/sales information • NEVER use WEP wireless encryption (has been hacked) -- only enterprise level WPA, WPA2 or something similar (Ou, 2007).

• Update software and hardware periodically so as to keep on the cutting edge.

• Do smaller incremental updates rather than huge jumps • More like once every year or two rather than every five years or more Invest in People • Make sure to staff the information technology/security department as much as is needed to ensure security • Do not run a skeleton crew at any time • Make sure the people hired and staffed know what they are doing • Degrees • Certifications • Proven prior experience Adhere to Best Practices & Procedures • Network should be monitored for cyberattacks and anomalous activity at all times • Keep credit card and other sensitive information in the most secure part of the servers • Only people with "right to know" should have ANY access to those servers • All employees with network access should have PRECISELY the access they need • Nothing beyond that • Nothing short of it • Must be able to do job but not access things that they don't need to meddle with or see • Vendors access should also be controlled carefully (Winter, 2014) • Access only to what they need to do their job • Keep integrated in the system so that both vendors and Target have access • Conduct periodic penetration testing to see how good the current security is (BSIMM, 2017) • Keep up on modern trends and events and adjust cybersecurity setup as needed to remain current and proactive In the Event of a Breach • Execute emergency procedures to prevent attack from exceeding • Pinpoint precisely what happened • What areas were accessed •.