Data Security: What You Need to Know

By Chris Edwards
Manager, IT Services

Lately it seems like every time we look at the news we hear about another major data security breach. Just last month we learned that 100 million Target customers may have had their personal information hacked, including credit and debit card records.

If you run a business, especially one that deals with customers’ financial information, data security is a vital concern – in terms of protecting both your own data and that of your customers. Here is a brief rundown of things you need to know about whether your data is really secure.

Infiltrators from all across the globe, both individual hackers and automated programs, are constantly at work to break into private computer networks to access financial data. They only need to succeed in a tiny fraction of their attempts to reap substantial fraudulent gains.

Companies that process credit/debit card payments should already be familiar with PCI Data Security Standards (PCI DSS). PCI DSS provides “an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents,” according to the PCI Security Standards Council.

If you’re not already using PCI DSS, head to the council’s website, which includes a self-assessment questionnaire, a list of tools to become PCI DSS-compliant and security requirements for all personal identification number (PIN) terminals.

Encryption of mobile devices that hold important data, such as laptop computers, is one of the most significant ways to guard against a security breach. Historically, such devices have been one of the most common ways for financial data to become exposed.

In addition to encrypting the device against unauthorized login, another option is to not store the data on mobile platforms at all, but have those employees who need the data access a central database remotely – again, with standard encryption and password protocols in place.

If your system stores customers’ data, you should limit access to only those employees who need it as part of their essential job functions. This is known as application security, and is vital to making sure critical information is only available to those who truly need it – whether it’s client order information or a list of employees’ salaries.

The thing to keep in mind is that data security isn’t something that just happens after you install a firewall and anti-virus software as part of your computer system. It requires time and thought to erect and maintain systems and procedures that make it very hard for thieves to penetrate your defenses.

If you need to consult with an expert about how to protect your company’s data, please call Chris Edwards at (317) 613-7855 or email [email protected].