How To Improve Data Security And Storage
Personal information is one of the most sought after, most liquid commodities in this digital age. As consumers become more and more aware of the dangers of digital transactions the importance of data security and storage will become more and more pronounced.
Perhaps the biggest problem to face merchants right now is not that they are ignoring security measures. In fact, many of the merchants who have suffered some kind of security breach had spent huge amounts of time and resources on installing security systems. The problem was that these companies simply weren't prepared to deal with every area of possible threat. Some avenues may have been completely blocked, but others were unknowingly left wide open.
As more of these stories reach the public notice, merchants will eventually realize that improved data security and storage is just good business sense. At that point we might be able to trust a business to implement those measures on their own. Until then, though, the major credit card companies will rely on the PCI DSS (Payment Card Industry Data Security Standard) to encourage business to improve their security.
The PCI DSS is a list of 12 requirements that any merchant that stores, processes, or transmits sensitive information must conform to. These requirements can be considered the necessary steps to improve your own data security and storage methods.
Begin by controlling the traffic that has access to your system by installing a firewall. Firewalls are devices that control the traffic in and out of a system and can block transmission that don't meet the specified security criteria.
The next step is to change all the vendor supplied passwords that may have come with your security systems. Most of these passwords have already made it into the hacker community and are the first things they'll try as they attack your system. A merchant should change these as quickly as possible.
Once you have the cardholder data, you have to do everything you can to protect it. This includes encrypting all data and keeping stored data to a bare minimum. Physical and computer access to information and encryption keys must also be strictly controlled.
But encryption of data stored on a system is not enough on its own. Not only must data be secured on both end points, but cardholder data must also be encrypted in transit. This is due to the fact that if a hacker can't get to your information while it's on your system, they could try to intercept, modify, or reroute it as it is sent.
Threats to your information don't only come from hackers. Viruses or accidents can crash or otherwise destroy your system, causing a loss of information. A merchant must install and keep anti-virus software up-to-date, and develop and maintain secure systems and applications. Or if you're using third part applications you must make sure that you install and necessary patches and updates.
Access to cardholder data must be restricted to business need-to-know. A lot of trouble has happened in the past because too many people have access to a system. It's in these cases that access has a tendency to spread.
For everyone who has access to the system, a unique ID must be assigned. By doing so it will be easier to identify the cause of any problems that might happen.
There's still a problem with physical access which must also be restricted. Unethical employees could cause problems, or a thief could physically walk out the door with your computers. This is something often overlooked in our digital age.
Monitoring, tracking, and logging must be strictly enforced. If your data security and storage measures happen to be compromised, this is the only way to ensure that you can rectify the problem.
Regular testing is the next step. It's the only way to make sure you can find and plug any security holes before criminals can take advantage of them.
And finally, you need to make sure everyone in your company is aware of these security measures and their own responsibility in keeping sensitive information safe.
By following these steps you will find a couple benefits waiting for you. The first is PCI compliance, which carries many of its own benefits. Second, you will be set to engender trust in your customers, who will be more willing to continue doing business with you.
Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about data security storage visit http://www.braintreepaymentsolutions.com/data-security-storage/article/16/ or http://www.braintreepaymentsolutions.com/
Related Articles:
Eloquent Systems Upgrades SaaS Hosting Environment; Cites Growing Demand for Specialized Libraries, Archives, Museums and Global 2000 Corporate Record
Eloquent Systems has completed an overhaul to its hosted solutions environment, migrating it to a popular co-location data center. The recent infrastructure investment was undertaken to accommodate rising demand for Eloquent's Software-as-a-Service (SaaS) business model, as well as increasing popularity of Eloquent's solutions with end users. "As our customers deploy self-service features such as our PublicSearch™, SpiderSearch™ and VisualSearch™ tools, and syndicate access to their collections through our Automated EAD Encoding module, end-user demand for a solid 24/7 hosting environment increases," stated Merv Richter, President of Eloquent Systems.
Minneapolis IT Firm Corporate Technologies Broadens Reach and Service Offerings with Acquisition of Idaho Technology Company, ITG
Corporate Technologies, a Minneapolis, MN based information technology firm, today announces the acquisition of Idaho technology services company ITG (Intermountain Technology Group). The acquisition is the latest in an aggressive expansion plan with Corporate Technologies now holding offices in California, Michigan, North Dakota, Minnesota, New Jersey and Idaho.
Covenant Security International Launches New Critical Infrastructure Protection Division
Covenant Security International, LLC. (CSI), a leading security, training, assessment and risk consulting brand, announced Angela Williams-Tasky, CPP, as the Managing Director of the newly formed Critical Infrastructure Protection (CIP) division. Covenant Security provides a full range of security, training, assessment and risk consulting services to domestic and international clients, with a special focus on protecting people and assets in high-risk environments.
Get Creative With Your Home Security System
A 21st century Home Security System can be so much more than just a device that calls for help in case of an emergency. In fact, it can be a great help in everyday life. What about an SMS message when the liquor cabinet is opened at 3 AM and the only one home is your teenage son?
CoreValve refutes alleged patent infringement action by Edwards Lifesciences: "We have great confidence in our technology and our legal right to
CoreValve (www.corevalve.com) has been informed that Edwards Lifesciences has filed a lawsuit in the United States District Court in Delaware alleging infringement of certain Edwards patents.
Spyware Will Compromise Your Online Security - Act Now Before It's Too Late!
It?s amazing just how many computer users are blissfully unaware that there systems have been infected with Spyware. Perhaps more alarmingly is that your personal data could be being leaked to a third party right now as you read this article, and all without your knowledge or consent.
Web Hosting: 4 Factors in Choosing a Hosting Company
When choosing a web hosting company there are a whole lot of different factors that should go into your decision making process. One of the biggest factors should be:1) Phone support.
Rear Door Heat Exchanger Wins Data Center Cooling Competition : IBM® TECHNOLOGY LICENSED BY VETTE ENABLES MORE EFFECTIVE COOLING PER SQUARE FOOT OF
Vette Corp (Vette), a leading global provider of thermal management solutions, earned bragging rights for the most energy efficient data center cooling system in a recent industry event. IBM?s Rear Door Heat Exchanger, licensed and installed by Vette, went head-to-head with leading competitor liquid cooling products in a ?Chill-Off? competition sponsored by the Silicon Valley Leadership Group (SVLG). The results of the competition were presented at the SVLG?s Data Center Energy Summit in Santa Clara, CA on June 26, 2008.
M&A Technology Announces a Strategic Partnership with GoKnow
M&A Technology, leading provider of technology products, announces a strategic partnership with GoKnow, a leader in educational software. As part of this agreement, GoKnow will customize their Mobile Learning Environment (MLE) to the Companion PC in order to deliver a complete solution to harness the power of mobile computing in the classroom. With MLE, teachers can transfer their existing curriculum into the Companion PC and monitor the progress of students throughout the school year.
Adventure Activities Made Safer Due To Modern Technology
The health and safety of children and adults is seemingly never more important than when they partake in adventure activities And by the very nature of some of these activities, potential danger is never too far away from the minds of participants