As yet another series of data breaches unfolds, there’s been more focus on PCI compliance than ever before. And for good reason. Apparently the PCI Standards Council, the body that oversees PCI, thinks that too many companies are failing in their obligations.
In just the last two weeks we’ve seen major data breaches announced at firms like JP Morgan Chase, Community Health Systems (4.5 million Social Security Numbers exposed), UPS, Dairy Queen, and more than 1,000 retailers.
Just as many security experts suspect, too many companies rush to achieve PCI compliance or pass an audit, then essentially ignore those same standards in the gaps between audits. And hackers will always take advantage of those lapses.
In an effort to encourage greater compliance all the time, the Standards Council just released what it calls a Best Practices document – which is essentially a reminder of all the dos and don’ts if you want to avoid trouble – from hackers and the Council.
In a bulletin just issued, the Council made recommendations that businesses of all sizes should take to minimize the risks:
In releasing the guidelines, the Council suggested that “Building a culture of continuous security and vigilance is vital to meet the intent of the PCI DSS, which is safeguarding payment card data at all times.” Most important, the Council warned that while PCI compliance needs to happen 365 days a year, for too many companies it’s little more than an annual event.
Wise words that should be applied to every corner of your business. If you want to avoid the costly distraction of security breaches, and focus on the stuff that will make your business strong, then secure your perimeters.
Your best bet, your best defense by far, is a top-to-bottom culture of security. With it, you’ll thrive. Without it, you’ll be constantly fighting fires. To get started, contact SiteLock at 855.378.6200 for a free consultation.