PCI DSS Mandates Provide Guidance for Remote Work Security
Your customers’ sensitive data has always been a prime target for cybercriminals, which is why PCI DSS compliance is a must for most businesses. But when you and your competitors were forced to let employees work remotely with the onset of the coronavirus pandemic, the risks increased, along with the chances for noncompliance, and both must be addressed.
There are plenty of good habits to follow as part of PCI DSS regulations that will ensure you are protecting yourself and your customers’ sensitive information as well as staying compliant with the many mandates every industry faces.
For those working from home, good cybersecurity practices are essential. For example, your organization should allow remote desktop access only over VPN with multi-factor authentication enforced. Also, you should make sure remote desktops are updated with the latest versions of antivirus software.
A solid BYOD policy is key, given the risks posed by unmanaged personal devices connecting to your network. You should also update your incident response policy to cover incidents arising from remote work.
PCI DSS Clause 6.2 already mandates that companies implement effective patching programs. A defined patch management cadence helps ensure all critical patches to remote desktops and endpoint devices are applied consistently.
Another mandate of PCI DSS related to remote working is security awareness training. This training should cover VPN basics for remote workers, video conferencing security, Wi-Fi security best practices, email security, coronavirus phishing scams and social engineering threats.
For help with PCI DSS and other compliance programs, 2W Tech has a Cybersecurity Compliance Program that is designed to support our clients’ compliance obligations. Most organizations must abide by and maintain a standard for controls that safeguard the confidentiality and privacy of information stored and processed. We work hand in hand with you to learn more about your compliance requirements, help obtain proper agreements and access relevant system architecture information. Give us a call today to get started on your journey to achieving compliance.