The BBC recently shared an article which showcases a mock situation of an optician's dealing with the fallout of a phishing scam, badly! The message behind it is clear – failure to know what to do in the event of a breach could land you in very hot water. This got us thinking at PCI Pal: what could they have done to prevent a breach in the first place?


Educated staff on phishing attacks

Phishing attacks rely on gathering confidential information to use maliciously. For example, an email is sent from what appears to be your service provider saying that unusual activity has been detected on your account. The email contains a link to reset usernames and passwords, when in fact it is installing malware and using the credentials provided to gather sensitive information. Educating staff to identify and report phishing emails goes a long way in preventing attacks, but with around 4% of people clicking on any given phishing email, this isn't enough on its own to prevent breaches, as the BBC has demonstrated.


Deployed anti-phishing software

Anti-phishing software works by preventing malicious mails from getting through and blocking potentially harmful links. Kaspersky Labs reported having prevented over 51 million phishing scams in 2017. When you consider that 1,450 incidents were reported in 2017, this highlights the importance of stopping the emails from reaching people in the first place. As attacks become more sophisticated, it's important that businesses ensure their software is up to date, or emails can slip through the net.


Ensured PCI compliance

From out-of-date anti-virus software to unencrypted stored credit card details, there are multiple points throughout the article which imply the optician's isn't PCI compliant. Unfortunately, they're not alone. In 2017, every company which suffered a data breach wasn't PCI compliant at the time the incident occurred. Because of this, it's now a requirement to prove year-round compliance. While PCI DSS is clear on the requirements, how to achieve them will depend on the business.

The goal should be to ensure as little credit card data as possible is stored or accessed and, where possible, that it is removed from the environment altogether. Identifying where hackers target is key to this, and it's commonly where credit card data is heard and seen, such as the contact center environment. Solutions such as Agent Assist ensure no card details are seen or heard, so there is no data for the hackers to take. Of course, this will not stop attacks occurring, but given that 76% of them are financially motivated, doesn't it make sense to ensure there's minimal data available to hack in the first place?


To discuss the benefits of de-scoping your business, get in touch with one of our experts today.