Poor security procedures and tools are easy to identify when you know what you’re looking for. Here’s a closer look at what restaurants need to do to create a more secure and, ultimately, PCI DSS-compliant environment:
- Install and maintain a network firewall
- Replace vendor-supplied defaults
- Enact secure storage for cardholder data
- Encrypt transmitted data
- Deploy effective anti-virus software and update regularly
- Ensure all technology products are updated and patched, including IoT devices
- Create a process to identify security risks and resolve them in order of severity
- Maintain strict user-defined access control to cardholder data and establish rules and policies for user-specific access management
- Establish rules and policies for visitor/guest access management
- Restrict physical access to card data and customer information
- Compile detailed audit trails by user and event, review them daily, and protect the audit trail by shipping the logs to a secure location
- Regulate processes for remote access to cardholder data
- Establish, publish, and maintain a security policy
- Train staff according to those policies, with frequent reminders and updated training as necessary
Sound overwhelming? We hear ya. Many of these strategies are technical in nature and require security expertise to implement. Restaurants that lack sufficient in-house IT/security resources must turn to a trusted, experienced vendor that offers these services and technology tools.