At the recent Mailorder Gardening Association conference, a representative from Johnny’s Selected Seeds, a well known and respected cataloger, shared their experience with a security breach and the steps they’ve taken to make sure it never happens again. It was chilling to learn how a company can be doing all the right things and still be compromised.
Brandi Moore of Ounce Labs, formerly of the AOL Operations Security Department, offered attendees advice on how to protect themselves from the same fate. Two takeaways:
1) Review the information available at the PCI Security Standards Council web site.
2) Make education of your employees a top priority. In the case of Johnny’s, the hacker used a valid user name and password to access credit card records. It’s believed that an employee unwittingly fell for a phishing scheme that allowed this to occur. According to Ms. Moore, well-meaning employees who fall for such tricks are the most common cause of security breaches.