If it seems like security breaches are in the news more frequently these days, that's because they happen at a more rapid rate than ever before.
According to a study by the Ponemon Institute, 76 percent of organizations suffered from data theft over the past two years. This number is up 9 percent from 2014's report. What's more, hackers are becoming more sophisticated, using newer malware such as ransomware to hold data hostage.
What's most troubling is the fact that most businesses put in minimal effort to maintain their security, leaving them vulnerable to all types of cyber attacks. Data theft isn't just a concern for large retailers like Home Depot and Amazon. It threatens businesses in every sector – from IT to health care to retail. Even small businesses that accept payments online can fall victim to a security breach. They need to do all they can to protect their customers' data.
Increasing cyber attacks and a lack of security
The Ponemon report, titled "Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations," revealed some interesting information about how security is handled among today's businesses. Despite what many might think, most IT personnel don't believe that the biggest threat to their security is someone with malicious intent. Rather, half of those surveyed said they believed people inside the business who were simply careless about security were the biggest threat to data safety. Because of their negligence, outside attackers could easily gain access to important company data.
In addition, a greater number of employees – 88 percent compared to 76 percent in 2014 – reported that their job required them to access proprietary information, including customer data. However, 62 percent admitted they probably shouldn't be allowed access to some of this information. What's more, only 29 percent of IT respondents said their company fully enforced a policy where privileged data was accessible only to those on a need-to-know basis.
How PCI compliance addresses these issues
Interestingly, the Payment Card Industry Data Security Standard (PCI DSS) addresses these issues directly. To be PCI compliant, businesses must withhold cardholder data from any employee who doesn't need it. In addition, every employee with computer access, whether they can obtain payment information or not, should have his or her own unique login and password. Everything done on a computer should be monitored, and businesses should create a policy that details data security steps for every employee and contractor. Working with a PCI-compliant payment processing company that offers hosted integration and processing options takes care of these steps for retailers and other businesses. Not handling payment data in the first place, but entrusting it to a secure provider, is the best way to reduce the risk of data breaches for companies of all sizes.
Even if you work with a secure payment processor, you should still take simple measures like using firewalls, creating a security policy and changing default passwords to keep your company information safe.
Brought to you by PacNet Services, your one-stop global payment processing solution.