Here is the next installment in the PCI Council's series, How to Protect Your Business With These Security Basics.
Security risks are everywhere these days, and everyone up and down the chain is affected. At Skurla's Point of Sale Solutions, we take security very seriously and want to share some resources from the PCI Security Council.
This month's topic: Understanding Your Risk - Protect In-House Access to Your Card Data.
PRIVILEGE ABUSE IS THE TOP ACTION LEADING TO BREACHES – ABOUT 55% OF ALL INCIDENTS REPORTED.
Here is a list of recommendations from the Council:
ACCESS CONTROL IS ALL IMPORTANT. Set up your system to grant access only based on a “business need-to-know.” As the owner, you have access to everything. But most employees can do their job with access only to a subset of data, applications, and functions.
LIMIT ACCESS to payment systems and unencrypted card data to only those employees who need access, and only to the data, applications and functions they need to do their jobs.
KEEP A LOG. Track all “behind the counter” visitors in your establishment. Include the visitor's name, the reason for the visit, and the name of the employee who authorized the visitor’s access. Keep the log for at least a year.
SECURELY DISPOSE OF DEVICES. Ask your payment system vendor or service provider how to securely remove card data before selling or disposing of payment devices (so data cannot be recovered).
SHARE THIS INFORMATION. Give this guide to your employees and business partners so they know what is expected.