As information technology continues to expand, threats and risks of potential harm such as security breaches also increase. Hackers will always try to infiltrate classified databases and steal confidential information that can immensely damage business operations. It is an event that, at all means, must be avoided. But how can you be sure that you have built a fortress that will be kept safe from cyber criminals? Quick answer is, check the quality of your IT security and compliance.
You can start by checking your compliance with Payment Card Industry Data Security Standard (PCI DSS) which is a reputable information security standard used to protect cardholder data and secure payment solutions. It is handled by major card schemes such as American Express, Discover, JCB, Mastercard, and Visa. To give you an overview, the goals for its standards (as stated in their official page) are:
1. Create and Sustain a Secure Network
2. Shield Cardholder Data from Cyber Invasion
3. Implement a Vulnerability Management Program
4. Install and Operate Strong Access Control Measures
5. Regularly Check and Run Tests on Networks
6. Formulate and Uphold an Information Security Policy
In a survey conducted in 2016 by Verizon as reported by Computer Weekly, only 29% of the respondents fully complied with PCI-DSS standards barely a year after they had received their compliance certification. This means that the other 71% are at high risks of compromising data and security. Loss of security management can lead to other negative effects such as potential loss of customers, loss of jobs, and even loss of business.
And while your business is industry-compliant, i.e following PCI, you must also understand the risks and add security measures to your business. Just to cite an example of risk despite PCI compliance is the massive data breach that occurred in 2013 when Target, a huge retail company in the US, had “stolen” 40 million debit and credit card numbers. This event prompted the exit of its then CEO, Gregg Steinhafel. He stated that Target complied with PCI standards; however, investigations revealed that its IT security team had failed to respond to the security breach alert which happened before the hacking initiated. The breach could’ve been prevented if only the proper monitoring and prompt actions have been carried out before it’s too late.
Besides industry-compliance, how else can you strengthen data security even more? One way would be through implementation of data transfer policies. Through this, cloud file sharing could be more secure and data theft could be reduced. This year, about 72% of the US IT teams are already utilizing definitive security measures to prevent “unsecure file transfer”.
This policy would also be helpful in managing risks brought about by the BYOD (Bring Your Own Device). It is common nowadays to allow employees to use their own gadgets such as smartphones while at work. While increasing employee productivity, this practice also exposes the company’s network to various hacking threats as each employee would be susceptible to conducting unsecure transactions for work or personal use. Therefore, strictly implementing a data transfer policy would undoubtedly become necessary.
For some guidelines regarding information security over BYOD, businesses can pick up some clues from the UK Information Commissioner’s Office (ICO) which has published a list of information security measures that can be adapted based on the business’ security needs. ICO summarizes them as user-friendly advice:
IT security and compliance is challenging as it requires intensive attention to detail, but strict adherence to it is without a doubt, a need to strive in the constantly progressing world of IT.