According to the Information Commissioner’s Office (ICO), reported data security incidents rose significantly in the final quarter (Jan-Mar) of the 2017/18 financial year, up 17% on the previous quarter, with the five most common causes put down to human error. Some of this increase may reflect greater consumer awareness of data protection in the lead-up to GDPR coming into force, but it highlights the need for businesses to understand the risks that human error poses to their customers’ data.
While we like to think that our staff are always alert and have the business’s best interests at heart, that is not always the case. It only takes one careless mistake or one disgruntled employee to cause a significant amount of chaos. The cost is not only the money spent putting things right and paying the potential fines for breaking data protection laws, but, even worse, irreparable damage to your business brand.
So what steps can businesses take to protect themselves from a data breach caused by human error? We know that businesses find PCI DSS compliance a headache, and it can be particularly challenging for small businesses limited by budget and resources. However, believe it or not, it isn’t just about ticking boxes. Going through the process of becoming PCI DSS compliant, and maintaining that compliance, also protects your business by ensuring that you employ robust systems and that reliable processes and procedures are in place to deal with a breach should one occur. These include:
- Creating and implementing a clear policy with regard to the handling of customer data that is adhered to by everyone from board level through to customer-facing staff. This should be communicated during the induction period and in a staff handbook with regular updates when necessary.
- Relevant and consistent training carried out regularly for new and existing staff so that all are aware of their responsibilities when it comes to protecting customer data, what they should look out for and how to deal with suspicious activity.
- An organisation-wide knowledge and understanding of data protection and PCI DSS compliance and the possible consequences if rules are broken and a breach of data occurs.
While the loss of customers’ personal information is a problem, a breach of their card payment details is serious. You can remove a significant level of risk by implementing a secure card payment processing system that keeps customer card details away from staff. Here at PCI Telecom, we create card payment processing solutions that are PCI DSS compliant with Level 1 accreditation. That means, as a small business, you can get a card processing solution with PCI compliance at a level equivalent to that required of your larger corporate counterparts. For payments made over the phone using our PCI Agent solution, card details are kept hidden from the call handler: the customer enters them on their phone keypad and they are encrypted on entry, while the customer remains on the line at all times, so there is no need to transfer the call to an external service. The system is cloud-based, so no equipment needs to be installed on-site, keeping initial capital outlay very low. This, along with low set-up costs and ongoing transaction charges, makes our card processing system the perfect solution for small and medium-sized business budgets.
Visit our Solutions page to find out more or get in touch today.
To read the latest statistics on reported data security incidents visit the ICO website.