Keeping your business computer systems safe and secure is imperative, no matter your industry or company size. Merchants who fail to implement the proper requirements to protect against data breaches and malware are putting both their organizations and customers’ information, including credit card numbers, at risk. With the continuous growth of online shopping and computer-savvy hackers, it’s best to be proactive with your business’ data protection capabilities.
Malware enables criminals to illegally profit off your business’ confidential information.
As outlined by the global research organization Payment Card Industry Security Standards Council (PCI SSC), when your business computer systems are unsecure, people can hack into your network and install malware, which can then “disguise itself using well-known and trusted names,” putting your POS (point of sale) systems at risk. From there, they can use the co-opted data for their own personal gain. This includes selling it on the black market, using it to buy products for themselves online, and developing clone cards they can use at physical store locations.
Not only will this cause you stress, but it will also worry your customers, who will likely question whether they will shop at your business again.
The PCI SSC also states that most software is vulnerable to hacks involving newer types of malware.
According to the PCI SSC, “99 percent of computers use software that is vulnerable to attack if not updated.”
With that said, a new type of malware, called ransomware, is being used to target businesses.
“Criminals are attacking businesses with a type of malware that holds business-critical systems and data hostage until a sum of money is received,” it explains.
In 2015 alone, those affected by this malware paid a combined $24 million to those responsible for the attacks.
There are steps you can take to keep your business computer systems secure.
The PCI SSC established a set of security standards for all businesses in order to help prevent threats and data vulnerability crimes, although there are additional actions to take, such as becoming EMV-compliant. When an organization adheres to these regulations, it is considered PCI-compliant. There is even a self-assessment questionnaire to see which standards you're accurately following.
Here is a brief breakdown of the current standards, so you can determine if your business is PCI-compliant:
- “Build and Maintain a Secure Network and Systems”
- “Protect Cardholder Data”
- “Maintain a Vulnerability Management Program”
- “Implement Strong Access Control Measures”
- “Regularly Monitor and Test Networks”
- “Maintain an Information Security Policy”
Several of these are ongoing responsibilities, and businesses must stay up-to-date on the best ways to protect their information and what can be done to better secure it in the future.
Don't forget: Ask any vendors you work with if they are PCI-compliant, as well, and consult with your merchant services provider to learn more about the security features of their available POS systems.