Build and keep customer trust: Breaking down PCI compliance and other security essentials
What your small business needs to do to build and retain consumer trust
“Once you’re outside the circle of trust, you’re out. There’s no coming back.”
Small business owners share a common goal — acquiring and retaining good customers. If not for good customers, our businesses might not make it. So we take special actions every day to keep them happy.
Yet millions of people are exposed every year through the same avoidable missteps by the businesses that hold their data. A data breach does more than expose your customers’ private information: it can decimate a reputation built over years and saddle your business with hefty fines. There’s more to PCI compliance than meets the eye. Allow us to explain.
Hackers are motivated by money, and few kinds of data sell as readily as a customer’s personal and payment card information. You’re smart. Hackers are smart, too, and they deploy automated bots that scan websites around the clock for known vulnerabilities, so a small site is just as likely to be probed as a large one.
It doesn’t matter if your business is big or small — susceptibility to data breaches applies to all. Even while data breaches become more commonplace, few businesses are prepared to prevent one.
Security is important. Businesses know to lock the safe at night. Why would they not do the same for their credit card and online transactions?
A little history — PCI DSS at a glance
The Payment Card Industry Data Security Standard (PCI DSS) was created in 2004 through a joint effort by the major credit card brands. The standard aims to encourage and enhance cardholder data security wherever card data is handled.
In short, the card brands wanted customers and businesses alike to feel peace of mind about credit card security. So they created a standard built around six control objectives (broken down into twelve detailed requirements), designed to keep companies, and their customers, safe.
PCI’s Security Standard – Common Sense Steps
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Through these objectives, merchants can minimize risk and protect both card issuers and cardholders. The standard sets the minimum level of security a business must meet whenever it handles, stores, transmits, or processes cardholder data.
PCI DSS is not a law; it is a contractual obligation that the card brands impose through your acquiring bank or payment processor. A business that isn’t compliant won’t face criminal charges for that alone, but if it suffers a data breach while out of compliance, the consequences are real: steep fines and penalties passed down from the card brands, the cost of a forensic investigation, and possibly losing the ability to accept credit cards at all. Using a third-party processor reduces your scope, but it does not remove your responsibility for the card data and systems that remain in your hands.
PCI compliance is not a one-time event. Just as a business locks the safe every night, PCI compliance requires continuous, repeated attention. Security should be at the foundation of every business, because a single lapse can wipe away a reputation in one fell swoop.
Beyond PCI compliance itself, a business should take everyday actions that keep its customers safe and protect its bottom line.
Secure private WiFi
Attacks often start at the edge of your network, and a WiFi network is a common way in. An attacker who gets onto your wireless network can capture traffic, harvest passwords, and attack every device connected to it, including the point-of-sale terminal. Not securing a WiFi network can be costly.
A strong, unique WiFi password is the first step to minimizing that exposure. Use a long passphrase of letters, numbers, and symbols; more characters means better protection. Make sure the network is using WPA2 or WPA3 encryption rather than an older setting, and keep your business network separate from any guest WiFi you offer customers.
Oh, and while you’re at it, change your SSID. This is also known as your WiFi network’s name. No need to make this complex, and you can have some fun here. The default SSID often advertises the router’s make and model, which tells an attacker exactly which default password and known flaws to try; a custom name signals that you probably changed the password from the default as well.
Stay away from open networks
Keeping connected is important. Where would you be without WiFi?
There’s a good chance your device is set up to connect to public WiFi automatically, usually the strongest open network in the area. This feature is common on most devices and is usually turned on. Go ahead and switch it off.
On an open network, an attacker on the same WiFi can intercept the traffic of every connected device. In other cases, an attacker sets up a rogue access point with a convincing name (an “evil twin”) so that your device joins it and everything you browse passes through their hands. Stick to a network you control, or use your device’s mobile hotspot.
Keep clean with an antivirus software
Wondering if you still need antivirus software in 2020? The answer is a resounding yes. Even if you are sensible and careful of what you do online, where you visit, and what you click on — that doesn’t mean you’re free from potential harm.
Antivirus software has grown in sophistication along with the malicious programs it is intended to fight. Go with one of the reputable names, as they are designed to catch newer strains of malware. Install antivirus software, keep it set to update itself automatically, and be glad you did. Real-time protection plus routine scans can keep you safe from serious harm.
Encrypt. Encrypt. Encrypt.
If you have ever rented a safe deposit box, you know it can only be opened with two keys, one you keep and one the bank keeps. That extra layer keeps your most important possessions safe even if one key goes astray. It’s a model you should follow for your digital files, as well.
A login password alone is a single gatekeeper: once a laptop is stolen or a disk is pulled from a machine, the files on it can be read without ever typing that password. Encryption changes that. File-level encryption scrambles a file with a secret key so that, without the key, the contents are unreadable gibberish. In layman’s terms, the key is a second lock attached to the file itself, and only someone holding it can open the file. Turn on your operating system’s full-disk encryption as well, so everything on the machine is protected if it walks out the door, and keep the keys somewhere other than the device they protect.
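To make that concrete, here is an added example of file-level encryption with a generated key, written for this page in Go using only the standard library (AES-256-GCM); it is not code from the original article or from any product it mentions. The sample document, the key handling, and the function names are assumptions for illustration. It generates a random key, seals a file so the plaintext is no longer visible on disk, and shows that a wrong key or a tampered file is rejected rather than silently decrypted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// GenerateKey returns a fresh 256-bit key from the OS random number generator.
// Losing this key means losing the file, so store it in a password manager
// or keychain, never beside the encrypted file itself.
func GenerateKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals plaintext with AES-256-GCM. The output is nonce || ciphertext || tag,
// so everything needed for decryption (except the key) travels with the file.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per file
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt opens data produced by Encrypt. GCM authenticates the ciphertext,
// so a wrong key or a modified file fails here instead of yielding garbage.
func Decrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := data[:gcm.NonceSize()], data[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, errors.New("decryption failed: wrong key or tampered file")
	}
	return pt, nil
}

// EncryptFile reads in, seals it, and writes out with owner-only permissions.
func EncryptFile(key []byte, in, out string) error {
	pt, err := os.ReadFile(in)
	if err != nil {
		return err
	}
	ct, err := Encrypt(key, pt)
	if err != nil {
		return err
	}
	return os.WriteFile(out, ct, 0o600)
}

// DecryptFile reverses EncryptFile.
func DecryptFile(key []byte, in, out string) error {
	ct, err := os.ReadFile(in)
	if err != nil {
		return err
	}
	pt, err := Decrypt(key, ct)
	if err != nil {
		return err
	}
	return os.WriteFile(out, pt, 0o600)
}

func main() {
	dir, _ := os.MkdirTemp("", "encdemo")
	defer os.RemoveAll(dir)
	// Constructed sample document (hypothetical contents for illustration).
	plain := filepath.Join(dir, "customers.txt")
	_ = os.WriteFile(plain, []byte("Customer list: A. Smith, 555-0100\n"), 0o600)

	key, _ := GenerateKey()
	sealed := filepath.Join(dir, "customers.txt.enc")
	if err := EncryptFile(key, plain, sealed); err != nil {
		panic(err)
	}
	ct, _ := os.ReadFile(sealed)
	fmt.Println("plaintext visible in encrypted file:", bytes.Contains(ct, []byte("Smith")))

	wrong, _ := GenerateKey()
	_, err := Decrypt(wrong, ct)
	fmt.Println("wrong key rejected:", err != nil)

	restored := filepath.Join(dir, "customers.restored.txt")
	_ = DecryptFile(key, sealed, restored)
	back, _ := os.ReadFile(restored)
	fmt.Println("restored matches original:", bytes.Equal(back, []byte("Customer list: A. Smith, 555-0100\n")))
}
```

Authenticated encryption (GCM here) matters as much as the secrecy: a file that fails its integrity check is refused outright, so an attacker who alters the encrypted file cannot feed you subtly corrupted records. This protects a file at rest; it is not a substitute for the PCI DSS rules on what cardholder data you may store at all.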
For goodness’ sake, change your password
This bears repeating: use a strong password. If you are rolling with password1, do us all a favor: take five and go change it, please. Beyond using a strong password, never reuse the same password across accounts; when one site is breached, attackers try that same password everywhere else, and a unique password per account stops that cold. A password manager makes unique passwords practical. PCI DSS also expects passwords on systems that touch cardholder data to be changed at least every 90 days, and any password you suspect has been exposed should be changed immediately.
- Don’t use these — The most common passwords of 2020
Lock it — every time
Walking away from your computer unlocked is a lot like walking away from an unlocked safe full of money. Anyone can take advantage and instantly get their hands on stuff that doesn’t belong to them — and it doesn’t matter if you’re in the office or the coffee shop. An important part in staying protected is to lock up when you’re away from the computer.
Leaving for the night? Lock your computer. Stepping away to go to the bathroom? Lock your computer. Set the screen to lock itself after a few minutes of inactivity as a backstop for the times you forget.
- On Mac — CMD+CTRL+Q
- On PC — Windows+L
Count the hands
If sensitive information is at stake, ask who needs access and who doesn’t. Keep the number of people with access as small as the job allows, and give each person only the access their role requires.
Well-defined roles and objectives in projects minimize the chance of having too many unnecessary hands involved and keep the right information secure. It’s a good rule to revisit the stated objectives before adding someone to a project, and to remove access promptly when a person’s role changes or they leave.
Lock the physical safe, too
Hackers pose their biggest threat online, but being susceptible to a breach isn’t exclusive to the internet. Threats can come in person, as well.
Stay protected by following the same principles you would online. Lock the safe. Be careful how you store cardholder information (don’t keep paper receipts or card numbers where anyone can reach them), and restrict physical access to cardholder data and to the devices that handle it.
These principles help ensure your business stays in good standing with its customers.
For more business success tips, visit Acumen Connections.