Amid the uncertainty of COVID-19, two things remain certain: Your company’s data must be protected, and you should continue to prepare for your PCI compliance audit. Here are a few simple rules to follow to ensure you are protecting data and staying compliant.
Remember to log out
Working from home can be both a blessing and a curse, so you must be attentive to protecting your data.
It is imperative that you follow security protocols for your laptop and desktop just as if you were in the office. That means logging out whenever you walk away from your computer—even if you live alone. There are a lot of personal scenarios that can happen while you’re away, such as slipping on the floor and hitting your head. If you have to go to the hospital or you leave your home to go for a walk, your computer will be left vulnerable to hackers.
When you’re logged out of your computer, it’s much more difficult for your data to be accessed without removing the hard drive.
Save to a shared drive
While working from home, do not save data to your local drive—EVER. Always save your information to your company’s shared drive or network drive. Data saved on your local drive can be retrieved only if your internet connection is accessed.
Prepare for your audit
Auditors don’t have to be in a physical office setting to conduct a PCI audit. In fact, the PCI Security Standards Council has updated its guidelines for completing remote assessments due to travel restrictions during the ongoing COVID-19 pandemic.
One of the most important things to remember during this unprecedented time is that auditing does not stop when business stops. Even if your company is not currently processing transactions, you must keep your PCI records up to date. Most likely you will still have users accessing your systems and running daily reporting and settlement. These functions are required to prove the business is or is not processing data.
During your next audit, you will need to present accurate records from this time period to prove that you were compliant, and it will not be possible to go back to collect those records.
Be ever vigilant for anomalies in your data. Hacking, inside manipulation and data errors are common during times like this one.
Update hardware, software and firmware
While volume is low, now is a perfect time to update or upgrade hardware, software and firmware, including:
- Operating system upgrades
- Firewall upgrades
- Penetration testing
- Open-source scanning
- User access rules
- User access reviews
- Running your trending reports
- Updating system architecture documents