According to the Wall Street Journal, early Thursday Target said that “a data breach may have affected about 40 million credit card and debit card accounts between Nov. 27 and Dec. 15.” The U.S. Secret Service is investigating the breach, which was national in scope and affected cards used in stores, not online.
It’s likely that similar attacks will be conducted this holiday shopping season against retailers other than Target, so all retailers should be actively taking steps to minimize risk and be prepared. The last thing you need is unwanted risk for your customers and negative media attention for your business.
Here are 5 steps retailers should take right now to minimize a security breach during the peak holiday season:
- Don’t panic. Thoughtful, careful planning is better than hasty action.
- Establish financial protection. Breach protection is often available for as little as $1 per day per location, and can help to cover direct costs in the event of a breach for each store location. This includes the costs associated with forensic audit, fees, fines and credit card replacement.
- Check up on the basics. Review the firewall policies of your cardholder data environment. Make sure that your patching is up to date, that password changes are occurring, that you’re getting the logs from critical systems and they’re being reviewed for potential issues, and that you’ve performed your fourth-quarter scanning and remediated any identified issues.
- Review your weaknesses. Take a look at the results of your last audit and see where you had issues—are they issues that could be exploited by an attacker, and have you taken steps to mitigate them?
- Know what you would do in the event of a breach. Have a basic plan in place that covers who is responsible for assembling a response team, who is notified and what communications need to occur, what steps need to be taken to perform a forensic audit, how you will comply with state breach notification laws, and which third parties need to be engaged to assist.
With EarthLink PCI Compliance Validation, you can establish immediate financial protection of up to $100,000 per location in the event a location is breached, up to $500,000. Our financial protection is retroactive – as long as the breach was not discovered, you will always be covered. Our service also includes a portal with all of the tools you need to validate your level of PCI compliance, including required cashier’s training, quarterly authorized scan vendor scans (ASV scans), and the self-assessment questionnaire (SAQ).
Watch this free webinar on demand to learn more about the cost and risks associated with a credit card data breach, the requirements for PCI compliance, and how you can protect your business – and your customers – by assessing and validating your compliance level today.