PCI Pal featured on Toolbox Security, read the full article here.
COVID-19 has presented new challenges for newly remote businesses that have had to make drastic adjustments in policies and practices rapidly. But one of the greatest challenges has been maintaining security and compliance in the new WFH environment, Geoff Forsyth, CISO, PCI Pal explains.
This has been a difficult time for businesses and consumers around the world. COVID-19 has presented new challenges for how we operate as a society, one of the greatest being navigating our new lives in digital spaces from home. From more background noise to decreased productivity, newly remote businesses have had to make drastic adjustments in policies and practices in a short period of time. But one of the greatest challenges for many has been maintaining security and compliance while the entire workforce conducts business from home.
Underscoring this issue further is the rapid uptick in cybercrime. According to the United States Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), more and more malicious actors are exploiting the pandemic.
With the proliferation of cybercrime and the growing importance of data security, ensuring compliance has never been more critical. Adhering to compliance standards starts with making sure employees are engaging in secure behaviours online and over the phone, for both their personal and business accounts and devices. With many remote workers likely using personal devices for work and vice versa, there are more ways for data to be leaked. A few things to keep in mind for employees working from home:
We have all been told a thousand times to change our passwords regularly and vary our passwords across different accounts. Yet according to recent research from PCI Pal, 47% of Americans are still using the same password across multiple sites and apps, leaving accounts extremely vulnerable to hackers and fraudsters. Consider updating your passwords and utilizing a password management tool to improve account security across both personal and business accounts.
Utilize two-factor authentication. Most services offer some flavour of two-factor authentication, yet 23% of Americans are still not utilizing these simple tools to protect themselves against bad actors. Take advantage of these tools across all of your accounts to add an extra layer of security.
Despite all the headlines related to fraud, many of us are clicking links or downloading attachments in emails without checking if it’s safe. Phishing attacks are the biggest cause of cyber compromise, yet almost a third (30%) click on links of unknown origins. If unsure of a link or attachment, simply avoid opening it.
In addition to online security, remote workers also have to consider security over the phone. Phone scams have increased during coronavirus, with fraudsters posing as health officials and other services to steal our personal data. When speaking with a customer service representative, double-check their credentials. If you’re not sure of their identity, hang up and call them back on the phone number listed on the company’s website, especially if they’re asking for sensitive payment information or other private details about you or your company.
But companies can’t just rely on workers to ensure they are in compliance with data privacy regulations. Even if workers are engaged in all of the above, there is still room for errors — and potentially costly ones. With GDPR, and new regulations like the California Consumer Privacy Act popping up across the U.S., organisations can’t afford a data breach — especially during these uncertain times, which has already impacted so many businesses financially.
To ensure your business maintains compliance with privacy regulations in your region, start by adjusting any privacy practices as needed. A few steps for businesses to consider:
The way your company collects and uses data should still be the same, but you may need to enact new security measures to ensure employees handle data securely at home.
Additionally, any compliance officers in charge of meeting disclosure requirements will need to be able to securely access any consumer data from home — a process that will likely require additional security measures and tools.
To ease any customer concerns and provide some much-needed certainty, let your customers know of any new security measures you put into place. Making customers aware of any changes will make them feel more confident doing business with you during this time, and help to ensure customer loyalty after the pandemic.
For any business handling consumers’ sensitive payment details, consider adopting a PCI compliance solution that works across multiple customer engagement channels. Complying with the PCI DSS, which is the highest standard of security for payments, can help to ensure compliance with additional data privacy regulations and protect your company and customers from data breaches – whether you’re taking payment details from the office or at home.
This is a difficult time, and a data breach won’t make things any easier. More than ever, companies need to prioritize security and compliance and ensure their employees have the tools they need to continue working securely from home. We don’t know what the world will look like in a month or even tomorrow, but taking these steps toward improving security practices will ensure your company and employees are prepared for whatever the future may hold.