How to Keep Your Small Business PCI Compliant in 2019
Security is becoming an increasing concern for businesses and consumers all across the globe. Digital risks are becoming even more prevalent, leaving business owners in charge of protecting themselves, their employees, and the customers that keep their doors open.
When it comes to security– and cyber security in particular– there’s a lot to keep up with. One particular area that you should never let slide, however, is your PCI compliance.
More than 65% of small businesses don’t live up to the minimum PCI security standards, and you don’t want to be one of them. Want to learn why PCI compliance is so important and how to stay compliant in 2019? We’ll go over all this and more.
What is PCI Compliance?
PCI DSS stands for “The Payment Card Industry Data Security Standard.” This is essentially protocol and security standards that were put in place to make sure that all sellers are safely accepting, process, transmit, and store all of their customer’s credit card information during every transaction.
These standards detail how you can safely handle cardholder data, and they’re not just simply recommendations or general guidelines; any business that has a merchant ID and accepts payments via credit card must be compliant with the security standards.
If not, you can be slammed with not only a data breach, but hefty fines alongside it. You can even get hit with credit card brands fining you anywhere from $5,000 to 100,000 per month, potentially causing your bank to terminate contracts or increase transaction fees.
The PCI standards apply to everything from your internal practices to the technology you use, including the following:
- Point of sale systems
- Card readers
- Online networks and wireless routers
- Payment card data storage tools, including those in paper-based records
- Online shopping carts and payment applications
How to Stay PCI Compliant in 2019
PCI compliance regulations are updated as needed, especially since technology evolves so quickly. You can find the full list of detailed regulations here. Let’s go through the key steps you need to follow in order to stay compliant in 2019.
Install a Firewall to Protect Data
Firewalls can help keep people from breaking into your network and accessing secure data (read: cardholder data), so they’re a solid first defense that all businesses should be using.
When it comes to firewalls, don’t just rely on the ones built into your router; get an additional, top-rated firewall to protect your business.
Firewalls are relatively easy to set up, and you can read about some of best options in 2019 here.
Never Use Default-Passwords
You and all of your employees should be using secure, custom passwords for every log-in. These should include a mix of case titles, symbols, and numbers, and they should be almost impossible to guess. You also never want to use the default passwords that vendors supply for their sites, updating them immediately.
For maximum security, you should follow these guidelines for creating strong, nearly-unhackable passwords.
Always Encrypt Cardholder Data
Encryption sounds a little intimidating, but it’s simple with the right tools and it’s exceptionally important to protect the information your business is storing. It works by scrambling the data, making it unreadable by anyone but those who have permission to view it.
This is true for remote and even physical breaches, offering an additional layer of security of a laptop gets stolen or the office is broken into.
Looking for new encryption software? Check out the best options in 2019 here.
Restrict All Access to Cardholder Data
Cardholder data shouldn’t be just stored in a database that all employees can access quickly. It should be available on a need-to-know basis only, and there’s very little reason why the majority of your team would need to manually access that information. You’ll want physical and digital access to be extremely restricted, and ensure that secure remote access is prioritized if needed.
Utilize Anti-Virus Software
In addition to having firewalls set up, you’ll also want to be using anti-virus software that protects against viruses and malware that can corrupt or steal any of your data. Viruses, after all, can happen if an employee even accidentally clicks on a rogue link in an email, many of which are looking increasingly more convincing.
There are so many different types of antivirus software available, but it’s important that businesses choose an option that’s designed for commercial or business use. A list of great options can be found here.
Train Your Staff
Did you know that employees and corporate partners are responsible for 60% of data breaches? In many cases, it isn’t malicious intent but instead accidental behaviors that result in the breaches. With proper training, this is avoidable and can decrease your risk significantly.
It’s not enough for you, the business owner or IT worker, to be trying to keep things secure on your own. Your entire staff needs to be trained and held responsible in online security and customer data.
This can include not allowing your staff to use unsecured public networks if working remotely, or to require your team to change their secure passwords every six months. Have an internal security policy, and make sure everyone is clear of what that entails. Update it as needed, and train all new hires, too.
PCI compliance isn’t set into law, but the resulting losses you could experience– including that of customer trust and your brand’s reputation– make it worthwhile to follow the security standards. They won’t guarantee that you won’t experience breaches, but they’ll certainly help. Take extra care to follow the protocols outlined in their guidelines, and if you have any doubt about the security status or risk of your business, you can always consult an expert.