With the holiday season coming up soon, many businesses, both brick-and-mortar and online, will process a great deal of customer credit card information. This information will be stored and transmitted, and it must be protected from loss or compromise. The Payment Card Industry Data Security Standard (PCI-DSS) is the standard for compliance and is important year-round. Is your business compliant? If not, how can your business reach that standard? Read on to find out more about this important issue.
Not Just a Compliance Issue
According to a CompTIA resource, compliance is connected with overall network security. If your business is security-minded, then compliance is a natural next step. Many retail companies must protect their customers’ credit card payment information, and PCI-DSS is a common-sense standard based on good IT security practices. With the possibility of a data breach being very real, having a strong network security policy is a must. Security is part of the operational risks of a business, and PCI-DSS compliance lessens the risk of lost or compromised data.
The Human Element in Compliance
Not only should the business’s technological components be able to meet the standard, but employees should also know best practices for keeping customer financial data safe. With companies providing devices for employees, as well as the Bring Your Own Device (BYOD) initiatives in many companies, mobile security is an important aspect of complying with PCI-DSS. The CompTIA guide cites the Ponemon Institute’s finding that 62% of lost or stolen devices contained sensitive corporate data, while the percentage of businesses with security in place lags behind at just 39%. Employees trained to follow the security best practices of their employer can also be educated in how to safeguard customer data.
For any company that does business online and elsewhere and handles customer payment card information, compliance with PCI-DSS is an important part of overall network security. If you need help determining your company’s level of compliance, or with becoming compliant, contact your technology advisor today.