A few days ago the Amazon-owned shopping website Zappos admitted that it has been hacked. Zappos customers were asked to choose new passwords and were warned that some of their personal information might have been exposed in the attack.
Although it is not yet clear how the data was compromised, this incident once again puts the issue of personal data protection and compliance into the spotlight. It also raises concerns about the insider threat that exists in potentially any organization.
According to the news website CIO Today, Zappos is PCI compliant, and all transactions are authenticated and encrypted using SSL. On the other hand, this incident shows that PCI DSS compliance is only the first mandatory step in securing customers' credit card and account information. With attackers becoming more sophisticated by the day, organizations must adopt more integrated approaches that combine meeting the PCI DSS requirements on one hand with educating staff on the other.
Alan Calder, CEO of IT Governance, says, “Companies should regularly educate employees about data breach risks. This is the only way to minimise the insider threat, which is probably the reason for over 50% of data breaches. Staff should be aware not to install any unauthorised software which may be disguised as malware. They shouldn’t be opening emails from unknown sources or be sharing their passwords with others.”
“Positive, aware and well trained members of staff are a key part of ensuring that you fully comply with the PCI DSS standard and protect the crucial intellectual assets of your organization, namely your confidential information, relationships and reputation,” adds Calder.
In the current economic climate, e-learning brings direct efficiency gains to organizations. The usual training costs for instructors, meeting rooms, travel, accommodation and subsistence are eliminated with this e-learning course. Additionally, the time staff spend away from their desks while training is minimised.
The PCI DSS Online Staff Awareness course from IT Governance will increase employees’ awareness of the PCI DSS requirements, and will provide clear and simple explanations of what companies and individual employees must do to meet the requirements of the PCI DSS (v2.0) standard.
The 40-minute PCI DSS Online Staff Awareness course can be taken at the employee’s desk or at home. The e-learning course includes a test at the end comprising 20 multiple-choice questions. If staff pass, a printable certificate is awarded. Should they not reach the pass mark the first time around, staff have the opportunity to re-take the test until the pass mark is achieved.
Small and medium-sized US companies which need to comply with PCI DSS will benefit from the PCI DSS v2.0 Compliance Toolkit. It is specifically designed to help card-payment-accepting organizations quickly create all the documentation required to affirmatively answer the requirements of the PCI DSS as set out in the Self Assessment Questionnaire. The toolkit contains a full set of documentation templates for all of the mandatory PCI DSS policies, as well as implementation guidance and ISO 27001 cross-mapping.