PCI — Best Practices or Minimum Security Measures
Wednesday, August 12, 2009 11:30
I have written about PCI Compliance in a previous article and will not repeat that information here, but I did want to discuss the issues of PCI Compliance related to a recent data breach at Network Solutions. If you have not heard anything about this particular case, the incident occurred on March 12th of this year but was not discovered until July 13th. Approximately 573,928 credit card accounts were compromised in this attack. Currently, it appears that it was an outside attack.
Security is Guaranteed?
So, what has all this to do with PCI? You can read about such attacks on a weekly basis. What I think was different is that Network Solutions was PCI compliant at the time of the security incident. Obviously, government regulations and private security standards do not guarantee security.
I am not a fan of government regulation, and in most cases I have not really seen government regulations to be effective or achieve their stated purpose. Government regulations usually cause more harm than good for small and medium-sized businesses. Security standards or best practices developed by other organizations and associations are good starting points, but, as a business owner, you should look at these as minimum security requirements. Use the best practices or standards to guide you in evaluating your current security and implementing needed security changes, but do not think that these will guarantee security. Security can never be guaranteed, but you should try to come as close to eliminating identified security issues as possible.
Security is Ongoing
Security is an ongoing process, and you need to keep up on security issues related to your business on a daily basis. Leave a comment and let me know if this website helps you with this. Also, as you well know as a business owner, each business is unique and has different and unique security needs. The security needs of a business change over time and should be constantly evaluated.
This requires continually revisiting your business security needs to make sure you are protecting your business and customers to the best level that you can. Bottom line–use security standards and best practices as informational sources and guidance for improving your security but do not get locked into them. Be flexible and use additional security measures as you identify needs and go beyond the minimum security set by these standards and best practices. It is kind of like OSHA regulations–to truly protect your employees you have to go beyond the minimum requirements set by the regulations. Go the extra distance to protect your business and your customers and to make your business as profitable as it can be. Profitability is greatly reduced if you are always experiencing security losses.