The arrival of COVID-19 and the subsequent lockdown posed a significant challenge to businesses and, for many, a swift move away from their usual bricks and mortar operations to ecommerce and over the phone sales. But, in the rush to enable remote working for employees and the shift to card-less payments, vulnerabilities were exposed, sadly leading to a large increase in cyber-crime incidents, with hackers attempting to force their way into IT networks and gain access to personal data and payment information.
So, what have we learned from this experience and what can be done to better prepare ourselves should the situation arise again?
Cyber criminals are ready to seize opportunities and coronavirus was one of them
During this time of uncertainty and increased online activity, cyber criminals have been actively working to exploit the COVID-19 situation with attacks that prey on businesses and their employees. Seizing on flaws in IT networks and security awareness, hackers have managed to infiltrate systems through a variety of tactics including phishing scams and impersonation of IT professionals. According to BitDefender*, there was a 475% increase in malicious reports related to coronavirus in March – a stark reminder that hackers pose a continuous, significant threat and are using increasingly sophisticated methods to access confidential and card payment data.
Businesses need to have continuity plans, policies and procedures in place for this kind of eventuality
The rapid move to remote working highlighted the gaps in many organisations’ policies for regulating and managing the process of working from home, leading to weaknesses in networks and putting customer data and the transaction environment at risk. Formal policies are required that can be speedily applied when necessary, outlining rules such as prohibiting the copying, moving, sharing and storing of payment card data, parameters for passwords and multi-factor authentication along with guidance for setting up a secure working environment that ensures no sensitive data is visible to unauthorised persons. These policies need to be revisited on a regular basis so that they remain relevant and up to date.
There is a need to improve the quality and increase the frequency of cyber security training
Regular security awareness training helps to create and maintain a culture of security within an organisation, reminding employees of the vital role they play in protecting the business and the customer from the risks associated with cyber-attack and data breach. Stay one step ahead of cyber criminals by keeping staff informed of the latest threats, what to look out for and what to do if anything suspicious arises.
Being PCI DSS compliant can help with all of the above
Going through the process of achieving PCI DSS compliance creates foundations for effective policies and procedures for accepting and processing card payments securely, whether your staff are based in the office or at home. The security standards provide a framework of guidelines that include multi-factor authentication and strong password policy, regular vulnerability scans to identify weaknesses in external-facing systems and prohibiting the use of personal devices to access the network and process transactions. Businesses are obliged to ensure that equipment and networks have in place anti-malware protection and firewall functionality to protect from internet-based threats. And, should anything suspicious appear, the standards require that incident response plans are in place and that staff undergo regular training to know what to look for and how to act. Having all of these measures in place greatly reduces disruption to business operations and the risk of becoming a target for cyber-crime should a move to remote working occur again.
At PCI Telecom, we deliver card processing solutions for payments made over the phone and online that are affordable, simple to install and easy to use, integrating seamlessly with your existing systems and networks. Being cloud-based, our solutions are ideal for remote-working and provide a fully encrypted and secure environment for card transactions to take place with the added benefit of having PCI DSS Level 1 accreditation. Take a look at our Solutions page for more information or give us a call to find out more.