Target's data breach is a chilling example: After the widely publicized hack, 12% of loyal shoppers no longer shop at that retailer, and 36% shop at the retailer less frequently. For those who continue to shop, 79% are more likely to use cash instead of credit cards.
According to DeMeo, Vice President of Global Marketing and Analytics at Interactions Marketing Group, shoppers who use cash statistically spend less money, hurting the company. Indeed, 26% say they will knowingly spend less than before.
So, why did Target get hacked?
There could be two reasons, either they (or one of their vendors) lacked in their IT Security implementation or their employees were not stepped through effective security awareness training. In Target's case, an employee at one of their vendors was tricked into clicking on a phishing link.
Now, let's have a look at what Target affirmed:
"Target was certified as meeting the standard for the payment card industry in September 2013. Nonetheless, we suffered a data breach."
The above statement was given by Target's President, Chairman and Chief Executive Officer (CEO), Gregg Steinhafel. The standard he is talking about here is known as PCI compliance, mandated by the Payment Card Industry.
PCI data security standard (PCI DSS) is a standard implemented to create a secure environment for electronic payments. So, any organization that is involved in payment card transactions must ensure that they are compliant with PCI DSS.
However, simply being compliant does not guarantee your network is secure. Being compliant is a baseline that you are going to build your network security on top of.
Compare it to this: You have passed your PCI audit and you are secure is like, you have a driver's license and you are a safe driver.
In both the situations, your security is not confirmed if you do not educate yourself properly.
That's right – Despite having all the technical controls in place that safeguard your customers' payment card information, the PCI standard also requires you to educate your employees about the PCI Data Security Standards.
Education is an essential step, no matter what people in the industry may say about Cyber Security Awareness Training. You should roll out an effective training program to help protect your organization against the threats you face every day.
A few weeks back, we introduced KnowBe4's Kevin Mitnick Security Awareness Training Program which aims at making employees understand the mechanisms of phishing, spear phishing, spam, malware and social engineering, and then able to apply this knowledge in their day-to-day job.
This time, we look at the module called: PCI Compliance Simplified
I worked my way through the PCI DSS Training module offered by KnowBe4. It's a web-based interactive training using real examples of credit card fraud, and how to protect your network against such attacks.
KnowBe4 developed a clear and simple training module known as PCI Compliance Simplified 2015, which is specially designed to offer companies and merchants the in-depth knowledge necessary to make decisions regarding their PCI compliance efforts.
Being compliant with PCI DSS, you have the basics in place to keep your customers' valuable payment data safe and secure and out of the hands of fraudsters. It is also required to keep your merchant account and be able to accept credit cards.
Company employees that handle PCI compliance, and who have completed this excellent on-demand, web-based course will leave with:
- a strong understanding of the intent behind each PCI requirement
- teach secure habits and best practices that will promote a secure environment
- how to apply them to their business environment
- how to stay PCI compliant with the new PCI DSS 3.0 standard
- knowledge how to avoid a data breach
"This course is for anyone that's responsible for handling credit cards in your organization and qualifies as Security Awareness Training. Especially owners, the CFO or Controller, managers and IT people in charge of credit card processing should take this course," course web page says.
The idea behind KnowBe4's PCI Compliance Simplified training module is that your business is protected at its best when every employee that may touch cardholder's data understands the importance of managing that data securely.
Also Read: Best Password Manager — For Windows, Linux, Mac, Android, iOS and Enterprise
Also Read: Best Password Manager — For Windows, Linux, Mac, Android, iOS and Enterprise
Along with the PCI Compliance Simplified training, KnowBe4 also offers a training module for any employee that is handling credit cards and needs to learn how to safely handle cards.
It's called Basics Of Credit Card Security and is meant for all employees who are taking orders on the phone, swipe cards on terminals or through devices connected to smartphones. It teaches employees to handle credit card information securely to prevent data breaches.
Different types of cards are covered, which specific elements the hackers are after, and explains how malware like keyloggers, password crackers, and spyware can endanger credit card information.
Employees are taught the rules for paper copies of credit card data, and things to remember during data entry, including things NOT to do like sending credit card information through email and text and more. A quiz ends off this 20-minute course.
These courses are an incredible time saver for busy managers. So if you want your business to be better protected and your customers' data to be secured, find out how affordable this is. Go to KnowBe4 and ask them for a quote. You will be pleasantly surprised.