Many retailers are under the impression that PCI compliance is the maximum protection they need to secure sensitive data. Retailers working with Qualified Security Assessor’s (QSA’s) desperately try to remove as many of their machines from the scope of PCI to reduce risk and ultimately become PCI compliant more rapidly. Although this method may expedite a compliance audit, it will not secure your network in its entirety.
The PCI Security Standards Council was formed to protect customer cardholder data and does not address general sensitive network information outside the scope of PCI. Using best practices to ensure complete data security will put your mind at ease and let you worry about normal daily operations. Spending a little extra time and resources on data security will shift the focus of your IT personnel to important organizational tasks, developing a much more favorable cost-to-benefit ratio.