How Retailers Can Keep Systems Secure and Stay PCI Compliant5 Dec
Retail security has been big news over the past few years, and especially in 2014. By now most of us are familiar with the data breaches that affected two major U.S. chain stores, Target and Home Depot. Of course, there have been a myriad of breaches at other retailers including Staples, Michaels, and more recently Bebe just to name a few. This is certainly an alarming trend as consumers put a lot of faith into retailers to not only keep their information secure, but to recognize threats before they have the chance to wreak havoc on consumers and the brands they adore.
What’s more concerning is we have now entered one of the high frequency shopping periods during the year – the holiday season. Consumers far and wide are spending billions of dollars on gifts for friends, family, and themselves resulting in a mind-blowing number of actual transactions. This is in addition to the already large number of transactions that occur on any given day. While consumers struggle with how to keep their information better protected, retailers have a much tougher job to do. All is not lost, however, and many retailers are taking more prudent measures to save the face of their brand and keep customers coming back without fear.
So, what can retailers do be more secure at endpoint while avoiding possible fines for PCI compliance failure?
One of the first things IT professionals can do is determine which data is PCI relevant. This doesn’t necessarily mean ignoring certain data, it simply means determining which data is in-scope so that IT professionals know where to focus the most energy. Segmenting data can help streamline all processes and security audits so you can better recognize threats.
While it’s easier said than done sometimes, it’s important to keep endpoints 100% secure. Many brands use a third party vendor to manage customer transactions. This includes hardware and software. Several of the recent data breaches that have taken place have allowed too much access for the actual vendor. Since the brand’s IT or security staff is not part of the vendor’s IT security plan, there is often a disconnect here that results in vulnerability. Limiting vendor access and seeing endpoint transactions and data in real time can help keep this part of the infrastructure more secure.
PCI compliance requires that retailers keep a real-time inventory of endpoint. Retailers can avoid failures in PCI compliance by using a combination of cloud based reputation software, continuous monitoring, and trust-based security. This also leads to the ability to run security patches when needed as opposed to a pre-determined schedule.
Are we beginning to see a trend here? The phrase “real-time” is becoming more and more important. Seeing things as they happen is the cornerstone to security. In the past it was normal to see activity at a later time and then take action based on what you see. Now, being able to recognize what is happening with your systems at the exact time they’re happening is the most important factor. In essence, there is no time to lose. Hesitation can lead to devastation and can do so very quickly.
Ultimately, while it’s important to continually monitor, keep anti-virus up to date, and build measurable intelligence there is one thing most entities fail to do. That is creating an actual security policy.
We can talk all day about what you can do to mitigate risk and avoid compliance fines, but in the end it only works if your teams understand the risks, understand what needs to be done, and how to do it. This essentially allows administrators to monitor for compliance in whole. Not only does policy keep people informed and educated, it allows administrators to easily maintain data for security audits and again avoid PCI compliance failure and fines.
Keeping things secure and maintaining compliance is no simple task, but there is help out there if you’re unsure of how to proceed in implementing new security measures. Of course, Neovera specializes in data security and business continuity and will ensure your organization has an effective plan to keep the brand humming and your information secure.