The 2014 Verizon report indicates that 9 out of 10 failed their PCI DSS baseline assessment.
Here are some excerpts from the report: five key recommendations provided by experts.
1. DON’T UNDERESTIMATE THE EFFORT INVOLVED
PCI compliance needs time, money, and executive sponsorship. It needs to be part of everybody’s job — application developers, system administrators, executives, and even staff in shops and call centers — not just left to the IT security team.
2. MAKE COMPLIANCE SUSTAINABLE
There are thousands of tasks that an organization must complete throughout the year to stay compliant. To be sustainable, compliance needs to be embedded in “business as usual” as an ongoing process.
3. THINK OF COMPLIANCE IN A WIDER CONTEXT
The best thing you can do as an organization to simplify your PCI compliance workload and achieve real security is to put your compliance program within your wider governance, risk, and compliance strategy.
4. LEVERAGE COMPLIANCE AS AN OPPORTUNITY
Done right, PCI Security compliance can drive process improvements, identify opportunities to consolidate infrastructure, and generate additional equity. Think of it as an opportunity, not a burden.
5. FOCUS ON SCOPING
There is a lot of misunderstanding around how to keep systems out of scope, but there are clear best practices to follow. The first is to store less data on fewer systems. This not only makes achieving compliance easier, it can also save you money on storage and backup.
Here is a link to the entire report.
Where can you find the right guidance to help protect your data and stay compliant?
Omega ATC is an expert partner in guiding you through a successful QSA audit. After years of experience working with businesses of all merchant levels, we understand what to address to keep your data secure and help you remain compliant. Get in touch with us.