Businesses encouraged to ditch WEP to ensure PCI DSS adherence

Businesses that currently operate older WEP security on their wireless networks are required to upgrade to WPA in order to comply with new Payment Card Industry Data Security Standards (PCI DSS) which come into force at the end of June.

Wired Equivalent Privacy (WEP) has been around for years and its relatively low level of security is easily exploited by hackers, as experts say that it takes seconds for malicious parties to crack WEP-protected networks and then steal personal data.

Business are required under the new PCI DSS rules to ensure that data which is transferable and accessible wirelessly is properly encrypted and requires thorough authentication before it is made available.

It is explicitly stated that the use of WEP is no longer acceptable and before the deadline of June 30th businesses will need to decommission any WEP protection and replace it with a more secure alternative.

Experts believe that the move away from WEP is a good thing and that WPA can benefit businesses of all kinds, even if PCI DSS does not actually apply to their operations. In an article for Search Security, Mike Chapple said that businesses that currently rely on WEP are doing nothing but presenting a facade of security that is easily breached by someone with only modest hacking skills.

Mr Chapple says that the barriers blocking the switch from WEP to WPA have been virtually eliminated, as hardware is generally compatible with both standards because manufacturers have had six years to adapt products.

Experts warn against complacency in these matters, as even businesses that believe they are properly protected often find that WEP is still being used in certain areas despite the existence of compatible hardware. For others, the time for an upgrade has come in order to avoid falling foul of the PCI DSS.

There is a distinct possibility that some businesses will be inadvertently running WEP, or have a so-called rogue WEP network active, forming a weak link in the chain of data protection.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal