Security professionals intuitively think proactively. Our job is to predict and prevent what the bad guy will do next. My job specifically is to instill this mindset into you, the consumer, SMB or large corporate enterprise.
Bob Russo, General Manager and Rockstar of the
PCI Security Standards Council reminds us all in this
Business Week article that it’s not all about prevention. Sage advice below.
“Many businesses are familiar with the PCI Security Standards Council’s requirements, yet many card fraud incidents go undiscovered for long periods of time. In fact, according to Verizon’s 2009 Data Breach Investigations Report, 75% of compromises were
discovered at least weeks after the compromise.
Data security is not all about prevention; it also requires detection and monitoring. In the event of a breach or card fraud, proper monitoring can detect and eliminate additional fraud quickly. Thus, with the holiday season in full swing, it’s a great time
to reconsider your company’s log management and monitoring. Consider the following tips:
1. Ensure your organization keeps timely, accurate, and unaltered records of what has taken place within the cardholder data environment (who, what, when, and how) to protect it in the event of a data compromise and resulting investigation.
2. Monitoring also can include physical surveillance. Closed-circuit monitoring of POS terminals can detect suspicious or fraudulent behavior.
3. Even when you are at your busiest, you simply cannot afford to overlook monitoring as a primary detector of card fraud and the trigger to eliminating ongoing criminal activity.”
And my advice. For your own good, protect your identity. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from
being opened in your name. This makes your Social Security number useless to a potential identity thief.
Invest in identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.