A new school year is here reminding us about the importance of education. Even in the workplace, ongoing training and testing are necessary to keep your company’s policies and procedures current. Here are 12 easy steps to evaluate and comply with PCI requirements.
What are PCI requirements? The Payment Card Industry (PCI) developed a set of requirements to ensure all companies that process, keep and send credit card information maintain a secure environment to protect card holders. All companies or merchants that process credit card information must comply even if you only process payments over the phone.
PCI compliance isn’t so bad. Take a look at these necessary steps to secure your payment processes.
- Build and maintain a secure network to ensure data collected, stored and transmitted is safe.
- Use passwords to protect your servers, workstations and important files. Create strong passwords using letters, numbers and characters to keep hackers away.
- Protect cardholder data. Anything associated with the cardholder like account numbers, expiration date, name, address, etc. must be protected.
- Encryption. Keep sensitive information secure using encryption when data is sent over the Internet.
- Maintain a vulnerability management program. Identify, document, and remedy issues with programs like vulnerability scanners, firewalls, and anti-virus.
- Secure your network and keep your applications healthy. Network security starts with assessing your current standing, ongoing monitoring, and layers of protection using hardware and software.
- Strong access control measures are like door locks. You wouldn’t go to bed with the back door wide open, right? Lock down your network so only the right people are allowed to login.
- A unique ID for every workstation gives you a signature to follow so you can see exactly who is accessing what information and when.
- Physical access to data should be restricted too. Keep your data restricted with physical access limitations that only allow key personnel access.
- Regularly monitor and test your network. Who is watching your network? Constant monitoring of your network allows you to head off attacks, slow or failing components, and unauthorized use.
- Security and processes for all network processes. Did you know, the safest way to secure your network is to unplug it! The next best thing is strong consistent security monitoring and control processes to ensure your company is safe.
- Maintain information security policy (data policy). Pave a way for your company to address and recover from things like hardware and software glitches, attacks, natural disasters, even theft or fire.
Need a keen eye? Give us a call. We will conduct a Free Network Assessment giving you the tools for PCI compliance.