Retailers can change that and better secure their customers’ data in 2013.
The New Year has rolled around and this is the perfect time to bring the focus back to the security of your business, i.e. data security and PCI compliance. Nothing has really changed with these two key issues in the world of retail. In fact, the intensity and the rigor have only picked up given the alarming statistics from Verizon’s 2012 ‘Data Breach Investigations Report’. 2012 not only saw more incidents; hackers also hit a wider variety of targets with more accuracy and persistence.
The overall investigation of larger retailer breaches indicated that of the 12 PCI DSS requirements, on average at least 8 were ‘not in place’. Hackers picked targets based more on opportunity than choice. The targets had open vulnerabilities through which it was easier to get into networks. Retailers were, quite simply, ‘puzzled’. Their general responses were along the lines of, “How could I have been breached? I am compliant!” As the report has indicated, the huge misconception is that ‘while compliance definitely helps drive security, compliance does not equal security.’
How do Retailers stay ahead of data security and compliance?
First, it is important to come to terms with the fact that Retailers CANNOT do it themselves. Secondly, PCI compliance is here to stay. This is not a punishment but a protective measure to help businesses stay secure and remain in business.
There is no denying that Retailers need help from experts to lift the load of data security off their shoulders. The right option is to go for a hosted solution, especially if you don’t have the resources to constantly stay ahead of the changing landscape of hackers’ skills and want to be continually protected by default.
Find the right Managed Service Provider,
- who brings the experience of having worked in the retail space for data security and compliance
- who remains on the cutting edge of the industry
- who understands where data security is headed
- who understands the customers, POS and back office systems
- who has worked with QSAs and knows what they might be looking for
- who brings the experience of working with customers who’ve been breached
What has Data Security got to do with Compliance?
Data Security precedes compliance. Data security is not just about checking boxes and more importantly, PCI DSS compliance does not equal security. Overall security of the entire network environment on an ongoing basis should be the bigger picture to achieve compliance. So, where do you begin?
Again, get the help of experienced Managed Service Providers. They will,
- start with a discovery phase of your environment
- determine if systems in the network are up-to-date on patching and updates
- determine if activities are logged
- determine if remote access is secure
After this groundwork is done, set up the environment with all the pieces of data security: reporting, alerting, logging of all system activities, secure remote control, password management, internal scanning, external scanning, verification of POS systems, installation of anti-virus/anti-malware, patching and file integrity monitoring.
Final Step – PCI Compliance
After the data security pieces are put in place, Retailers will be ready to move on to PCI Compliance. Find the right Professional Services and Security Strategists to assist you. They will help with writing security policies and implementing them, help you gather all the evidentiary logs to present to Qualified Security Assessors, go through the self-assessment questionnaires (SAQ), and help you address and complete them.
So, this confounding phrase ‘PCI Compliance’ is not just about answering the 286+ SAQ controls. It is more about Systems Management followed by Data Security. PCI Compliance is the end result and will not be successful if the initial steps are not in place.
Your Best Solution
Omega is the only Managed Service Provider in today’s market that can address all three phases – systems management, data security and compliance. Omega offers a complete solution and retailers get to choose exactly what they need.
Retailers have the option to pick,
- the entire package of systems management, data security and PCI compliance, or
- only systems management, or
- systems management and data security, or
- only data security, or
- data security and compliance, or
- just PCI compliance
Also, retailers have the choice of a hosted solution, OmegaSecure, or an installed solution, OmegaManager. Call us today at 636-557-7777 and get started. Omega’s principle is to serve only the customers’ interests, and Omega will guide you from start to finish on this journey.