The holidays are around the corner and tis the season for data breaches and scammers. Now is the time to review your security protocols and make sure that you maintain your Payment Card Industry Data Security Standard or PCI Compliance as it is normally called.
Don't feel left out if this the first time that you have about PCI Compliance. Most people don't find out about it until it is too late but PCI is a set of security standards that all businesses, including nonprofits, that process, handle or store credit card data must comply with to ensure that payment card information is handled securely.
Data breaches at big businesses deliver splashy headlines but small businesses and nonprofit organizations are just as likely to be victimized. In today's fast-paced work environment, it is easy to overlook security or put in on the back burner to focus on more important tasks like running your organization or fundraising. But you owe it to your donors to take security seriously and safeguard their information because data breaches are expensive and hard to recover from. Taking a financial hit and a loss in public trust can be extremely detrimental to your organization and undermine your mission.
If you accept credit cards through online donation forms or other means you have a responsibility to your donors to ensure that their information is handled in a secure manner. It is important not to be negligent by mishandling another person’s credit card information. Not only can it cost you thousands of dollars, but you will also lose the public’s trust.
Below we detail 5 steps that every organization should take to protect critical data and credit card information
1. Protect your network with a Firewall - A firewall protects and secures your network infrastructure. After installation, it is important that you schedule regular updates to ensure that your software stays current.
2. Develop an overall company-wide policy regarding PCI Compliance - Make sure that your employees and volunteers understand the importance of securing cardholder data and are practicing security protocols daily.
3. Update your passwords - It is critical that you always change the default password on new installations and then put in policies that require password updates every 90 days. According to a report by Verizon, 22% of data breaches involved the use of stolen credentials.
4. Make sure that any 3rd party provider or vendor is aware of your PCI Compliance policies and are meeting them - Enforcing your internal standards on external vendors will help ensure that there are no holes in your defenses.
5. Assign responsibility for compliance - Make sure you have a person in place to ensure that policies and procedures are being implemented and followed. It is important to put in place regular compliance checks so that standards do not get lax and employees do not get complacent.
Data Breaches by the Numbers
• 1,224 Data breaches occurred in the US in 2018 (statista)
• 445.6 million records were exposed in 2018 (statista)
• A cyberattack occurs every 39 seconds (University of Maryland)
• The average cost per lost or stolen record in a data breach is $148 (IBM)
• 93% of malware comes from email (Verizon)
To learn more about PCI Compliance please visit pcistandards.org