- Maintain current compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Compliance with PCI-DSS requires continuous adherence: a daily log review, weekly file-integrity monitoring, quarterly vulnerability scanning and annual penetration testing. To maintain continued compliance, Verizon recommends designating an internal PCI "champion" so that compliance becomes part of daily business activities during the holidays, and every day.
- Self-validate very carefully – or entrust it to a credible expert. Top-tier merchants – which process the highest volumes of cardholder transactions – are allowed to assess themselves against the PCI standards. But due to the numerous issues and conflicts of interest this can cause, Verizon recommends that an objective and credible third party validate the scope of the assessment or perform the testing.
- Only use third-party security vendors who are credible experts. Verizon's "Data Breach Investigations Report" analysis revealed that small businesses and franchises of large chains are most vulnerable to cybercrime. If a third-party vendor manages a retailer's POS systems, the retailer should ask the vendor to confirm that PCI compliance measures are in place.
- Educate employees so that they can recognize security breaches and help keep security measures active. In addition to designating an internal PCI champion to ensure that the PCI security standards are being adhered to, employee education is critical for recognizing the telltale signs of a breach and for understanding that prevention measures are working.
- In the era of omni-channel retailing, ensure that online and mobility channels are secure. Protect public-facing Web assets, which are great for attracting customers, but also magnets for cyberthieves. Protect in-store mobile assets through mobile-device management that can authorize approved employee access to corporate information, encrypt data, protect against viruses, and remotely lock and wipe devices of critical corporate information.
- Frequently change administrative passwords on all point-of-sale systems. Hackers constantly scan the Internet for guessable passwords, so avoid using POS systems to browse the Internet.
- Implement a firewall or access control list on remote access and administration services. If hackers can't reach a retailer's system, they can't easily steal from it.
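The "weekly file-integrity monitoring" item in the first recommendation is the one control on this list that is easiest to show as working code. The block below is an added example, not Verizon's or the article's code: it hashes every regular file under a directory, stores the result as a JSON baseline, and on the next run reports files that were added, removed or modified. The directory layout, file names and "tampering" in `demo()` are constructed for illustration; a real deployment would baseline the POS software and configuration directories and run the comparison on the weekly schedule the standard calls for.

```python
# Added example (not Verizon's or the article's code): a minimal file-integrity
# monitor. Baseline once, re-run weekly, and review the three lists it reports.
import hashlib
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Stream the file in 64 KiB chunks so large binaries never sit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map each regular file below root (POSIX-style relative path) to its digest.
    Symlinks are skipped so a link pointing outside the tree is never followed."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue
            baseline[full.relative_to(root).as_posix()] = sha256_file(full)
    return baseline


def save_baseline(baseline: Dict[str, str], path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> Dict[str, str]:
    return json.loads(path.read_text())


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify paths as added, removed or modified; unchanged files are omitted."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a fake POS install, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "pos"
        (root / "bin").mkdir(parents=True)
        (root / "bin" / "pos-terminal").write_bytes(b"\x7fELF constructed binary v1")
        (root / "pos.cfg").write_text("merchant_id=EXAMPLE-PLACEHOLDER\n")
        (root / "README").write_text("constructed sample file\n")
        store = Path(tmp) / "baseline.json"  # kept outside the monitored tree
        save_baseline(build_baseline(root), store)

        # Simulated changes between two weekly runs: a replaced binary,
        # an unexpected new file, and a deleted configuration file.
        (root / "bin" / "pos-terminal").write_bytes(b"\x7fELF constructed binary CHANGED")
        (root / "bin" / "updater.tmp").write_text("unexpected new file\n")
        (root / "pos.cfg").unlink()

        return compare(load_baseline(store), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

Two design points matter in practice: the baseline file must live outside the monitored tree (and ideally on a host the POS system cannot write to), or a compromise of the machine also lets the attacker re-baseline; and every "modified" entry should be reconciled against the change record from approved updates, so that the weekly review distinguishes a patch from tampering.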
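The last recommendation, restricting remote access and administration services with a firewall or access control list, is only as good as the evidence that it is actually enforced. The block below is an added example, not Verizon's or the article's code: it reads firewall accept/drop events, keeps only accepted connections to remote-administration ports, and flags any whose source lies outside a management allow-list. The management networks, the port list, the log line format and the sample log lines are all constructed assumptions; the `nft_rules()` helper renders the same allow-list as nftables rules, and its syntax is likewise an assumption to adapt to the firewall actually in use.

```python
# Added example (not Verizon's or the article's code): audit firewall accept
# events for remote-administration services against a management allow-list.
import ipaddress
import re
from typing import Dict, List, Optional

# Assumed management networks; any other source reaching an admin port is a finding.
ALLOWED_MGMT_NETS = [
    ipaddress.ip_network("10.10.50.0/24"),
    ipaddress.ip_network("192.168.100.0/24"),
]
# Assumed remote access / administration services on the POS hosts.
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc"}

# Constructed log line shape: "<ts> <ACCEPT|DROP> src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+src=(?P<src>[\d.]+)"
    r"\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)$"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def source_is_management(src: str) -> bool:
    """True when src is an address inside one of the allow-listed networks."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_MGMT_NETS)


def audit(lines) -> List[Dict[str, str]]:
    """Every ACCEPTed connection to an admin port from outside the allow-list."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip it rather than abort the whole review
        port = int(rec["dport"])
        if rec["action"] != "ACCEPT" or port not in ADMIN_PORTS:
            continue
        if source_is_management(rec["src"]):
            continue
        findings.append({"ts": rec["ts"], "src": rec["src"],
                         "dst": rec["dst"], "service": ADMIN_PORTS[port]})
    return findings


def nft_rules(chain: str = "inet filter input") -> List[str]:
    """Render the allow-list as nftables rules (assumed syntax; adapt to your ruleset)."""
    nets = ", ".join(str(n) for n in ALLOWED_MGMT_NETS)
    ports = ", ".join(str(p) for p in sorted(ADMIN_PORTS))
    return [
        f"nft add rule {chain} ip saddr {{ {nets} }} tcp dport {{ {ports} }} accept",
        f"nft add rule {chain} tcp dport {{ {ports} }} drop",
    ]


# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "2023-12-01T02:14:07Z ACCEPT src=10.10.50.23 dst=10.20.1.5 dport=3389",   # management net
    "2023-12-01T02:15:41Z ACCEPT src=203.0.113.77 dst=10.20.1.5 dport=3389",  # outside: finding
    "2023-12-01T02:16:02Z DROP src=198.51.100.9 dst=10.20.1.5 dport=22",      # already blocked
    "2023-12-01T02:17:30Z ACCEPT src=203.0.113.77 dst=10.20.1.5 dport=443",   # not an admin port
    "2023-12-01T02:18:11Z ACCEPT src=192.168.100.4 dst=10.20.1.6 dport=22",   # management net
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['ts']} {f['service']} to {f['dst']} accepted from non-management {f['src']}")
    print("\n".join(nft_rules()))
```

Running the audit as part of the daily log review closes the loop on the recommendation: a non-empty result means either the ACL has a gap or an administrator connected from an unapproved location, and both deserve a ticket. The `DROP` lines are deliberately ignored here because they show the control working; a separate count of drops per source is useful for spotting the scanning the article describes, but it is a different question from "did anything get through".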
Ready, Set, Sell ... And Don't Forget To Secure!