2018 renews focus on security and privacy with APP and PCI DSS requirements. So here are some best practices to protect your business and customer data.
Never share your password. In fact, put this in your employee contracts! Where you can, enforce complex passwords and periodic password changes.
Procedures around logins are also critical: regularly review staff login timestamps to identify anomalies. To help here, make it a business rule to log out of all systems at the end of each day. With virtually all staff having smartphones, take advantage of two-factor authentication (2FA) to prevent logins from unauthorised sources. Use an IP lock-down feature to tie user logins to a specific computer/IP address.
When employees leave your business, terminate their logins as part of your exit procedures.
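As an added illustration (not part of the original article), the short Python script below shows one way to automate the login review described above: it flags logins from an address outside a user's IP lock-down list, logins outside business hours, sessions not logged out on the day they began, and logins by departed staff. The users, addresses, business hours and log layout are all constructed assumptions.

```python
from datetime import datetime, time

# Constructed sample data: none of these users, addresses or times come from the article.
OPEN_OF_BUSINESS = time(7, 0)     # assumed start of the working day
CLOSE_OF_BUSINESS = time(18, 0)   # assumed end of the working day
ALLOWED_IPS = {                   # assumed IP lock-down list per user
    "alice": {"203.0.113.10"},
    "bob": {"203.0.113.11"},
}
DEPARTED = {"carol"}              # staff whose logins should have been terminated

# (user, source IP, login time, logout time or None if the session was left open)
SESSIONS = [
    ("alice", "203.0.113.10", "2018-02-19 08:55", "2018-02-19 17:30"),
    ("alice", "198.51.100.7", "2018-02-20 09:02", "2018-02-20 17:10"),
    ("bob",   "203.0.113.11", "2018-02-20 02:14", "2018-02-20 02:40"),
    ("bob",   "203.0.113.11", "2018-02-21 09:00", None),
    ("carol", "203.0.113.12", "2018-02-21 10:15", "2018-02-21 10:20"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M") if ts else None

def review(sessions):
    """Return (user, login time, reason) for every anomaly in the session log."""
    findings = []
    for user, ip, login_s, logout_s in sessions:
        login, logout = parse(login_s), parse(logout_s)
        if user in DEPARTED:
            # Exit procedure failed: the account still works after the person left.
            findings.append((user, login_s, "login by departed employee"))
            continue
        if ip not in ALLOWED_IPS.get(user, set()):
            findings.append((user, login_s, "login from unapproved IP " + ip))
        if not OPEN_OF_BUSINESS <= login.time() <= CLOSE_OF_BUSINESS:
            findings.append((user, login_s, "login outside business hours"))
        # Assumes the review runs after the day has ended, so an open
        # session means the end-of-day logout rule was not followed.
        if logout is None or logout.date() != login.date():
            findings.append((user, login_s, "not logged out at end of day"))
    return findings

if __name__ == "__main__":
    for user, when, reason in review(SESSIONS):
        print(f"{when}  {user:<6} {reason}")
```
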
Only collect personal information as required, and use that information only for the purposes for which it was collected. Store data in a secure environment and ensure all data transfers are encrypted. Use firewalls and secure working environments, and prevent unauthorised access to personal information by applying role or login restrictions. And don’t forget to use up-to-date virus scanning tools.
Most importantly, be a PCI DSS-compliant business that uses encryption software. This will ensure rigorous procedures are in place to provide maximum security when handling customer data as well as when processing customer payments.
Remember, constant technology upgrades in security and privacy are at your disposal, so use them!
- This article originally appeared in the 23 February 2018 edition of “Travel Daily”.