Protect your wireless network from security breaches before wireless hackers dip into your data and your pocket – II

  • Team Omega
  • January 30, 2012

What if I don’t have wireless in my retail environment?
Retailers often ask this question. The important point to keep in mind is that not having wireless in a retail environment does not eliminate the need for wireless scans or intrusion detection. The whole purpose is to identify rogue wireless access points, and that cannot be done without checking for wireless intrusion. Physical inspections are important, but they do not complete the process and can only go so far. Unless you are checking for wireless activity, you cannot determine whether there is a rogue wireless access point.

One of the reasons that wireless networks are so vulnerable to data breaches is that, unlike wired networks, they do not rely on a physical barrier. This lack of a physical barrier allows hackers to easily find unprotected and even undetected wireless access points, leaving your cardholders' data accessible to anyone capable of wireless intrusion. These factors are exactly why PCI DSS requires all organizations that store, process, or transmit cardholder data to secure their wireless technology, whether the technology is used intentionally or not.

PCI DSS also states that:

  • A network must be tested on a quarterly basis for the presence of wireless access points and unauthorized wireless access points.
  • Pertinent organizations must use an intrusion detection and/or prevention system that monitors traffic and wireless access points. The system must also alert personnel if there is a potential compromise.
  • Any intrusion detection and/or prevention systems that an organization has must be kept up to date.
  • All organizations that store, process, or transmit cardholder data must secure their wireless technology, whether the technology is used intentionally or not.