US stores, watch out: a data breach is lurking about

Texas-based arts and crafts chain Michaels Stores confirmed earlier this month that 2.6 million credit and debit card details had been stolen in two separate instances.  This breach followed the infamous attack on Target, a US-based department store, which affected 40 million debit and credit cards in December 2013.

The increase in cyber attacks against US stores is alarming customers, who are now more wary than ever of whom they shop with. This is a huge wake-up call for US stores across the country to strengthen their cyber security as it is only a matter of time before they are hit.

How do you propose to protect sensitive information and ensure confidence with your customers?

There are two ways you can instil trust:

  1. Comply with the PCI DSS

If you store, transmit or process payment card information, then find out more about the Payment Card Industry Data Security Standard (PCI DSS).

Compliance with this standard ensures your systems are secure and the ongoing maintenance means you are protected not just for today, but for the future as well. According to Visa Chief Enterprise Risk Officer, Ellen Richey, “No compromised entity has yet been found to be in compliance with PCI DSS at the time of a breach.”

While it is mandatory for many organizations in different parts of the world to comply with the PCI DSS, it is not required by federal law in the United States. Some states’ laws refer to PCI DSS directly, however, or make equivalent provisions.

For further information, PCI DSS: A Pocket Guide provides a quick overview for those new to the standard, while the PCI DSS v3.0 Documentation Toolkit provides all the pre-written, compliant documentation templates to make your project straightforward.

  1. Implement an ISO27001-compliant ISMS

ISO27001 is the world’s only recognized cyber security standard and provides a systematic approach to managing confidential corporate information so that it remains secure.

It describes best practice for an Information Security Management System (ISMS) and can help organizations meet all their information-related regulatory compliance objectives and help prepare them for new and emerging ones.

This standard should be used in conjunction with the PCI DSS as it provides a comprehensive solution to cyber security, protecting not just payment data, but all your vital information assets.

To read more about ISO27001, we recommend The Case for ISO 27001 which presents a compelling business case for implementing the cyber security standard. If you are ready to implement the standard, the ISO27001:2013 ISMS Standalone Documentation Toolkit provides a comprehensive set of pre-written ISMS documents that will save you months of work as you get your information security system up to speed.

Be proactive!

We are encouraging stores and businesses across America to be proactive in their fight against cyber crime and in mitigating the risk of data breaches. By taking the initiative and implementing appropriate frameworks, stores and customers alike can rest easy that their information is being safeguarded. To talk through your appropriate cyber security solutions for your business, call IT Governance on 1-877-317-3454 or email