Our 12 Days of Tips series explores how small retailers can ACT now to repel data thieves during this prime shopping season. Awareness, Checking security controls and Testing security now will help your business lock down your systems during the holiday rush. Merchants looking for more information on how to secure customer payment data should visit the PCI SSC merchant site.
Could You and Your Employees Pass a Security Awareness Test?
Did you know some of the biggest data breaches started when a hacker tricked an employee into revealing their password? Or that the most common passwords are “1234567” or “password”? During the holiday rush, would any of your employees allow a customer to use a business computer “just to check something on the Internet”?
Simple actions like these can trigger a serious security breach at your business. And the way to prevent them is equally simple: security awareness!
Promoting security awareness in your business is not meant to turn everyone into a technical wizard. Awareness is about simple things everyone should know:
- Being aware of security
- Knowing that protecting sensitive information (like payment card data) is mandatory
- Knowing the risks of mishandling sensitive information
- Understanding their role in handling information securely
Here are three simple steps to promote security awareness in your business.
1. Create a security policy. Security awareness starts from the top! Define why security is important to your business. Clearly describe information security responsibilities for each employee. Do this in writing and share it with all personnel.
2. Establish rules for using technology. Define the proper use of critical technologies by job role, such as use of strong passwords, point-of-sale terminals, removable electronic media (e.g. thumb drives & CDs), remote access, wireless, laptops, tablets, handheld devices, email and Internet.
3. Teach security awareness. Implement a formal security awareness program to make everyone aware of the importance of cardholder data security. This could be a once-a-month lunchtime discussion or a half-day eLearning course on awareness provided by the PCI Council.
Resources that can help you:
Merchants looking for more information on payment security essentials should start here: