Computer Intrusions – Bots. Worms. Viruses. Spyware. Malware.
Every day, criminals are invading countless homes and work-at-home (WAH) or home offices around the world—not by breaking down windows and doors, but by breaking into laptops, personal computers, and wireless smart devices through intrusions and bits of malicious code embedded in fake applications. The collective impact is staggering! Billions are lost every year repairing systems hit by such attacks. Some attacks take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and telephone emergency services around the world. Do you see why PCI Security is now so important to your core business interests?
Protecting Your Computer Equipment / Smart Devices
Payment Card Industry Data Security Standard (PCI DSS) Requirement 5.3, on page 48, requires you to run anti-virus software. Requirement 1.1, on page 19, also requires you to have a fully operational firewall at the router and at the device. A fully qualified technician should be granted remote access to assist you with the configuration of your router/modem device as well as that of your commercial or open source firewall.
A network diagram would be created and a policy formed for every Work @ Home or Home Office employee. Every employee's or business owner's device is within the scope of a proper assessment of your security liability. Beginning here will shore up the most vulnerable location where hackers may gain access and bring you one step closer to total PCI Security.
PCI Security Requirement 9: Restrict physical access to cardholder data
This one can get quite elaborate. It all depends on how heavily you weigh the liability of stolen equipment and stolen data! You should generally require a regular account for each person accessing the electronic device. Create one administrative account and ONLY use it while installing or modifying software. DO NOT use the administrative account as your default login.
Choose a sign-on password and rotate it every 30 days. Use your smart device calendar to send you a reminder to do so. Secure external storage devices in UL-listed safes, away from where you house your personal computer. Note the serial and model numbers of all electronics and store that record somewhere else as well. Law enforcement will need those should your devices be stolen.
There are many closed-circuit video systems on eBay and elsewhere. Most often, you can find those used at a lower cost. The requirement for video monitoring storage is at least 90 days. Time to find cloud storage? This is found on page 73 of the PCI Data Security Standards.
PCI Security – Appendix A Service Provider Attestation Of Compliance
If your website or web store runs in a shared hosting environment, the hosting provider must also comply with the PCI Data Security Standards (page 107). Request a signed copy of their Attestation of Compliance (AOC) and submit it with your Self-Assessment Questionnaire and scanning results to your bank or acquirer, who is responsible for ensuring your compliance standards are met. There is no getting around it. Your hosting provider must provide a level of security that meets the specifications outlined in this appendix.