There’s no denying it’s that magical time of the year again. One can sense in the air all around them the graceful falling of snowflakes, the soothing tones of seasonal choruses, the faint smell of fresh pine, and, of course, the blaring car horns and shouted expletives of drivers stuck in traffic trying to get to their local mall.
Yes, I am obviously referring to the gradual and upcoming end of the 2013 holiday shopping season – a time that, contrary to popular belief, generally does not consist of much peace and harmony.
And, as the good citizens of the world make it their sole mission in life to spend the last of their bonus checks while hunting down the best deals available, it is even more important that the stores being patronized protect their sensitive data and stay on full alert for the ever-present threat of information theft.
It is for this reason that compliance standards such as PCI DSS (the Payment Card Industry Data Security Standard) have been introduced – with multiple sections mandating that all organizations that handle cardholder information (debit, credit, prepaid, e-purse, ATM, POS, etc.) have a system in place to protect it. With the ever-increasing preference that the average consumer has for plastic over cash, the threat of a serious breach grows every year. According to the 2013 Data Breach Investigations Report by Verizon, in 2012, 24% (the second highest) of all reported major breaches occurred in the retail/restaurant environment – with perpetrators coming from both inside and outside of organizations and the majority being the result of misused access rights. This can happen for a variety of reasons, but much of it stems from unsecured folders and files that contain information that they should not.
For all companies that are in the retail sector, compliance with PCI DSS should be at the top of their wish lists for this year. Not just because it is good practice to have security measures in place to safeguard customer financial information, but also due to the fact that any security breach occurring in the system of a noncompliant entity may result in a heavy fine (as well as a spot on the Payment Card Industry Security Standards Council’s naughty list).
Although the road to becoming ready for PCI compliance auditing may not be an easy one, we here at STEALTHbits have the perfect solution to get you started. It may not be delivered in a colorfully wrapped box with a bow on top, but Sensitive Data Discovery solutions will scan for and show you where your sensitive cardholder information lies (among many other things) within your system, as well as allow you to easily move it to a more secure location if compromised. In turn, this leaves you with a fast, easy, and cost-effective way to prevent that information from falling into the wrong hands – say, those of the Grinch.
Nate is a Marketing Manager at STEALTHbits and has worked in the IT Security industry for 5 years.