Yahoo is the latest company to make headlines, with the announcement that over 500 million users were affected by a data breach of their information in Yahoo’s possession in late 2014. Companies of all sizes and types need to take the steps necessary to minimize the risk of cyber breaches and avoid what may result, in particular the inability to continue accepting credit card payments. Today many companies hire security specialists to evaluate their business for possible risks, or have an in-house specialist.
Organizations that store credit card information online need a plan to protect against data loss, including action plans in the event of a breach. A comprehensive plan will demonstrate to any affected parties that you have systems in place and that staff are trained to deal with such situations to limit damage. “As a responsible company who wants to protect their data,” began Fig Pay’s Vice President of Sales, Darren Gibson, “there are definitely tried and true steps that can minimize, if not stop altogether, the vulnerabilities a data system has.”
Here are a few best data practices Mr. Gibson includes in their protection plans:
- Minimize the amount of data you store
- Don’t collect data that is not absolutely required
- Limit employees who have access to sensitive data and limit that to only when needed
- Delete any data responsibly if no longer required
- Schedule regular risk assessments to account for any liabilities and risks in an ever-changing environment outside and within your company.
- Encrypt data in transit or in storage, but be aware that encryption can be broken, so use it in tandem with other security methods.
- Ensure software is kept up to date with security updates and relevant patches.
- Ensure all business partners use the same level of security in compliance with relevant federal or PCI regulations.
- Adhere to all PCI compliance standards
Evaluate, Plan, Monitor, Assess, Update.
Having a PCI-compliant payment processing system will go a long way toward protecting your organization’s data and that of your valued customers. Fig Pay and its representatives can assist you in doing that. However, compliance does not equal 100% security, so vigilance is always required to remain up to date with any developments. According to the PCI Council’s website, “The Council maintains, evolves, and promotes the Payment Card Industry Security Standards. It also provides critical tools needed for implementation of the standards such as assessment and scanning qualifications, self-assessment questionnaires, training and education and product certification programs.” (www.pcisecuritystandards.org)
The Council is constantly monitoring possible threats and working to improve the industry’s ability to deal with them through improvements to the PCI standards and rigorous training of security professionals. Fig Pay, for example, has continued developing the partnerships that keep your organization and your consumers safe. “We have talked with the industry insiders,” Mr. Gibson concluded, “and forged a connection that is greatly advantageous for you as a business professional that will keep your data out of the hands of those hackers who want it.”
Fig Pay’s partnership with Protocol PCI also offers awareness training for anyone interested in learning more about payment processing security, thereby raising overall awareness and reducing risk to cardholder data. It is wise to take a holistic approach to your operational and security risks to ensure robust protection. Seek professional help as required, and use management, employees and business partners to maintain a high level of cyber security. For further information please contact us at [email protected]