Operating a small business doesn’t mean you can be complacent with how you’re protecting customer data and the prevention of the real threat of credit card theft.
Hacking gangs are alive and well hence the tightening of data protection rules in the western world including the European Union’s GDPR.
So there’s two major compliances to work on immediately if you’ve not done so already. Doing the basics to ensure your business is in compliance with data protection laws including the GDPR even if you’re not in Europe is a must-do and here’s how you can get started if you’ve not done it already.
Every website collecting email addresses and more, need to comply with the requirements for protecting customer data. There’s more that’s needed too see (Website policies) further on in this article.
There is also a pressing concern for all businesses, eCommerce and particularly those in the retail sector to commit to PCI compliance. You might be wondering what it is and is your operation too small to be bothered with it right now.
A really good explanation of what PCI DSS is and why any business transactions using credit cards needs to comply can be found in this article on BusinessBlogs.
Smaller businesses can do a self assessment and why you might sigh with relief, don’t get too comfortable, you’ll still need to know exactly how to do a PCI self assessment and how to get set up so when your business grows it’s got everything in place for external assessments.
PCI and Networks
The real difficulty lies in understanding how sensitive data moves along your network which is a must for assessment. The wireless LANs and other connectivity points like USBs and bluetooth can be penetrated hence they need to be monitored and secure. This is where a PCI compliant specialist comes into their own not only for your self assessment but also when using external PCI auditors for your compliance.
Earlier on we mentioned protection of customer data and laws like GDPR.
Any business with a website that collects customer data can not avoid the basics website features that allow for transparency of how customer data is collected, utilised and shared with privacy and cookies policies.
This really is the norm now and it’s the entry level for all websites so all website developers will implement it, so it’s just the older sites and the Do-it-yourself crowd who need to be aware of the requirements.
Website visitor expectation is they’ll see the pop up that asks for acceptance of re. your website cookies policy and they’ll take the necessary action. Without it, your business is not perceived as being secure and visitors may take no further action i.e. they’ll exit your site.
All websites should also be using the SSL (HTTPS), and be mobile ready. Plus have all the bells and whistles in place to manage customer data collection and management for protection of customer data.
Ignorance is not bliss and it will be hurting your business if your website is not on top of it’s compliance requirements. Get curious, find out what you need to know and when you need to take action to keep the hackers out and the visitors in.