4 Steps for Stronger Cyber Security
Ah, summer. Time to relax, head outside, enjoy a little downtime …
Not so for merchants! Many kick into high gear at this time of year. Others must fill the workday gaps created by vacationing employees. Either way, there’s a need for extra help.
Often, that means students on their summer break. And although the readily available pool of labor is great, using temporary or seasonal help introduces an extra challenge in maintaining security best practices for transactions.
Newcomers may be totally unfamiliar with data security, the dangers of card fraud, and the need for vigilance; you need to get them up to speed as quickly as possible. So, how do you establish security practices that are easy to convey and maintain, regardless of employees’ comings and goings?
One good starting point is the National Cyber Security Alliance, which provides practical online resources for meeting just such a challenge. The NCSA recommends that merchants take specific steps to maintain cyber security in their businesses.
1. Have a strong security policy in place.
Start by carefully screening potential hires for their trustworthiness and ability to understand and stick to the rules.
Those rules should be built around the compliance requirements of the Payment Card Industry Data Security Standard (PCI DSS). Having a clearly defined policy means everyone follows the same tried-and-tested procedures and knows how seriously you take security.
Policies should include defined responsibilities for every individual, daily routines to test and ensure compliance, unambiguous rules on employee use of mobile devices and the Internet, a simple and widely understood communication process for raising concerns, and an incident response plan ready to swing into action if the worst happens.
2. Integrate your policy with a complete and documented cyber security plan.
Cyber security means protecting your data and your systems from attack as well as maintaining card transaction vigilance.
Your plan should be based on an assessment of your risks and vulnerabilities, with defined processes for monitoring threats and protecting customers in the event of a data breach.
Don’t know where to start? Make it easy with the Federal Communications Commission’s Small Biz Cyber Planner, which lets you select relevant topics and then generates the plan for you.
3. Train employees.
Having a policy and a plan is no good if people don’t know how to apply and use them. Make it a priority to train employees in securely handling in-person and card-not-present transactions.
Employees should also understand key basic security procedures, such as how to create strong passwords, how to avoid clicking on links and attachments in emails, and what to do if they’re suspicious about any transactions.
Make them aware of the activities that should arouse their suspicions, like new customers, multiple transactions on a single card, several cards using the same address, and international orders. (See our full list of red flags here.)
4. Follow through and maintain constant vigilance.
Cyber security is not a set-it-and-forget-it process. Criminals are constantly adapting their strategies — and they’re persistent in their efforts. So we have to adapt and persist, too.
It’s vital that you stay abreast of cybercrime activity and continuously monitor employee adherence to your policies. Stay in touch with the latest cybercrime news and trends by monitoring news reports and subscribing to specialist online information services.
For example, the “Threat Level” section of Wired.com provides the latest cyber security news in an approachable way. And Krebs is an excellent source for cyber security updates, including breaches. Sign up for free alerts.
Carry out spot checks on employees to ensure they’re following security procedures and, if you do suffer a card fraud incident, find out how it happened and communicate the lessons learned.
If employees know security is at the top of your agenda, they’ll keep it at the top of theirs, too.