This week’s reading involves Security Consensus Operational Readiness Evaluation (SCORE), Payment Card Industry (PCI) Data Security Standard, and the Center for Internet Security (CIS) benchmarks.
In your post this week, mention one important concept you have learned regarding these assessment methodologies.
With the current state of the world, COVID-19 is wreaking havoc on a large number of businesses and business processes. In this week’s readings, I began to wonder how the pandemic is affecting aspects of payment operations such as PCI. In PCI Security Standard’s article, “8 Tips to Help Small Merchants Protect Payment Card Data During COVID-19,” I got the chance to explore how a majority of businesses are handling the rising security concerns and dwindling sales during the virus. Due to the abundance of employees who are working from home, as well as the limited abilities of those in IT and security (due to their increased workload of transitioning everyone to work from home), cybercriminals have used COVID-19 to their advantage.
Per the article, there has been a 475% increase in malicious reports that are related to Coronavirus in March. Furthermore, 41% of small businesses have been inflicted with a data breach that cost more than $50k to recover from (PCI Security Standards Council, 2020). Since small businesses have been hit the hardest financially, cybercriminals targeting their networks makes sense, as their resources are limited in identifying, defending against, and recovering from attacks. Thankfully, the article provides several helpful tips for small businesses in reducing the probability of attacks against their payment card processes. With the vast number of companies that manage to stay open during state lockdowns relying solely on online credit card purchases to stay afloat, these suggestions couldn’t have come at a better time.
Per the PCI Security Standards Council, one of the most beneficial methods of protecting against data breaches is to merely reduce the amount of payment card data stored, as well as the places where it can be found. For example, in place of typical online purchases, offering face-to-face and curbside purchases and product pickups can limit the amount of personal data stored on a business’s network. Using telephone payments is another excellent way to ensure that payment card data isn’t accessible to unauthorized individuals. While password security and sophistication are always vital, in the days of COVID-19, it is one of the leading causes of breaches (if weak or default passwords are used) (PCI Security Standards Council, 2020).
The article also recommends that strong encryption measures be used, as well as limiting and securing remote access to networks; while this can be difficult with so many customers and vendors working from home, it is imperative to implement the most robust security measures. Firewalls should remain a crucial part of the security of a small business, as their function ensures that incoming and outgoing traffic is authorized. Due to the rising number of Coronavirus-related phishing attacks, all users need to be trained well in understanding how to look for malicious emails, as well as what to do if they encounter them. As I work for a small business, I found the steps from the PCI Security Standards Council to be constructive in securing my own systems and the networks I manage. In a world of such darkness, we can all use every bit of help we can get.
PCI Security Standards Council. (2020). 8 Tips to Help Small Merchants Protect Payment Card Data During COVID-19. Retrieved May 25, 2020, from https://www.pcisecuritystandards.org/documents/PCI_COVID-19_Resource_Guide.pdf?agreement=true&time=1590421275592.
Stallings, W. (2017). Network Security Essentials: Applications and Standards (6th ed.). Pearson.