How to protect your physical store with PCI compliance.
Top 5 Tips to boost your physical security.
1) Keep an inventory of devices
Every day, more and more companies are using mobile technology to process payments. Although this is convenient for both the business and the customer, it can lead to more security issues. Ensure that you have an up-to-date document listing all devices that contain or connect to any cardholder data you process. This should include where they are kept, which members of staff are using them and whether they can be taken off site. Make sure all of this information is encrypted and protected.
2) Limit access to areas with sensitive info or equipment
All areas that store cardholder data should only be accessible to employees who need access. When it comes to storing card data, make sure you only give members of staff the amount of access they need to complete their job. For example, if you worked at a gym, you wouldn't give the instructors or cleaners access to sensitive card data. You would expect only the receptionist and administrators to handle this.
3) Put together and document security policies
Implementing policies and procedures in the business to train employees on how to handle physical security is vital. This will protect you against intentional or accidental data theft. Some things that you can consider documenting are: which employee is responsible for maintaining security, who has access to the card data server and network, and a password change policy.
4) Training employees
Having your policies and procedures drafted up into a company document isn't going to do any good if your employees aren't following them. One of the main reasons data breaches occur is human error. Make sure that all employees are up to date and aware of all policies relating to physical security, and help them understand the risk and consequences to the business if they don't follow them. We would recommend training members of staff on a monthly or quarterly basis, or when new systems are put in place.
5) Don't forget the smaller things
A lot of data breaches happen during the day. If you think about the access that's available to cleaners and delivery men, it could be really easy for someone to gain access by impersonating an employee.
Installing privacy notifications on computers and documenting the visitors coming in and out of the business could prevent someone from entering the premises and stealing data.