Tomorrow, most Americans will be enjoying Thanksgiving festivities with their family, celebrating what they are truly thankful for over a feast of plenty. However, the Friday after is a different story. While some might want to stay put and watch the shopping unfold on the news, others will be in the thick of it. And while I do like a little shopping myself, I’d like to take a minute to remind everyone about keeping data safe this Black Friday.
High-profile retail data breaches have also been plentiful over the last year. It was almost a year ago that Target was breached, and Sally Beauty, Neiman Marcus, Michaels, Kmart and Home Depot have all recently suffered data breaches that exposed their customers’ personal and payment card data. With billions to be spent on Black Friday, and a lot of that spent via credit and debit cards, retailers are responsible for a whopping amount of personally identifiable information (PII) and financial information.
With the constant threat of security breaches looming, it is more critical now than ever to keep data safe this Black Friday. Retailers need to secure the payment processes and protect customers’ account data. If you are storing cardholder data or any of your customers’ PII, you’ll need to protect that information. Here are a few suggestions to keep data safe:
- Don’t trust the network – If an area of the network houses data, applications, or systems that are considered highly sensitive, then no one accessing them should be completely trusted, ever! Instead, the context and posture of the user’s current environment and device should be assessed and compared to corporate policy: What type of device are they using? Where are they? Does the device comply with corporate policy?
- Don’t trust that application content is secure – Unfortunately, even with a content management system in place, files move around in companies via copying, desktop download, email, etc. Therefore, you cannot always trust that sensitive information will remain in that system and stay secure. Put controls in place to restrict what authorized users can do with sensitive documents to limit the damage that can be done by accidental or unauthorized sharing.
- Enforce policies on the handling of cardholder data – Paper policies are great, but how can you ensure employees are following them? Prevent or warn users if they attempt to distribute sensitive information such as cardholder data or confidential documents against policy using predefined rules. Key stakeholders should be automatically notified of violations so that appropriate actions can be taken.
- Know how cardholder data is used – Track and monitor the entire lifecycle of documents containing cardholder data. Audit trails to record which users opened, printed or emailed documents containing cardholder data or other PII content are an important step to assess security and track potential misuse or leaks.
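As an illustration of the "predefined rules" and audit trail described in the last two suggestions, here is a minimal sketch of a rule that detects payment card numbers in outbound text. It is an added example, not code from Cryptzone or HiSoftware; the function names, the event fields and the `security-team` recipient are hypothetical, and the sample message is constructed.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first six and last four so the audit record never stores a full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(text: str) -> list:
    """Return masked forms of every Luhn-valid card number found in text."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(mask(digits))
    return hits

def evaluate_outbound(user: str, action: str, text: str) -> dict:
    """Apply the rule to one user action and build the audit event."""
    hits = find_pans(text)
    return {
        "user": user,
        "action": action,                       # e.g. "email", "print", "copy"
        "decision": "block" if hits else "allow",
        "matches": hits,                        # masked values only
        "notify": ["security-team"] if hits else [],  # hypothetical recipient
    }

# Constructed sample: a 16-digit order number (fails Luhn) and a well-known test card number.
SAMPLE = "Refund for order 1234567890123456, card 4111 1111 1111 1111 exp 11/16"

if __name__ == "__main__":
    print(evaluate_outbound("jdoe", "email", SAMPLE))
```

The Luhn check is what keeps a rule like this usable: without it, every long order or tracking number would trigger a violation and the notifications would be ignored.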
Learn more about securing application content with PII and securing network and application access.
Lastly, Happy Thanksgiving from all of us at Cryptzone and HiSoftware.