For all businesses and organizations that process credit card payments, ensuring that you are following security best practices is now required. If you accept, manage, or transmit credit cards and the personal information contained in the card, you need to train your employees upon hire and annually to be PCI DSS compliant.
Employees are on the front line of protecting credit card information, so their understanding of the rules, and their vigilance, are imperative. Training all employees on the rules of PCI DSS compliance should be one of the first steps when starting this process.
According to the PCI Security Council PCI DSS Requirement 12.6, employees must be provided PCI security awareness training upon hire and annually. This employee PCI training must be conducted yearly and can be completed in conjunction with the signing of the acceptable use policy statement.
Training all employees is important: it does not matter whether your employees work at the front desk with customers or in a back office, they are equally responsible for following the PCI DSS rules.
Employees need to be aware that if they see a problem with the way credit card data is being handled, they must report it to their manager as soon as possible. This is an important piece of the PCI DSS security awareness training requirement.
Based on many of the recent credit card data breaches, the employee PCI training should include important policy topics that cover:
Does your business provide PCI compliance security awareness training for its employees? If not, then you’re compromising the security of your customers’ credit card data.
Employees who are not aware of the policies are guaranteed to make mistakes and put customer data at risk. Employees are more apt to follow procedures if they understand the reasons behind them.
Basic steps include:
We can’t emphasize this enough; PCI awareness training is not a “one and done” situation. In fact, the more you teach your employees about PCI credit card data security, the more secure your business will be.
Employees generally want to understand the risk associated with the mishandling of credit card data. Encouraging employees to treat customer data as they would want their own data treated is a great start for PCI training.
It is important that employees understand the acceptable use policy statement along with all other policies associated with the handling of credit cards. Just signing the policy document without understanding the risk is not an option, and the training needs to cover this.
All employees at the business need to receive PCI training. Even if they do not handle credit card information, they are still required to follow all PCI DSS policies in the course of their duties. All employees are equally responsible for ensuring that security best practices are being followed at work.
If you want to protect your employees and your business from PCI DSS violations and other data breaches, contact CFISA today at (561) 325-6050 to learn how we can help.
Founded by former Secret Service Agent and Deputy Director of the National Cyber Security Division of the Department of Homeland Security Michael Levin, the Center for Information Security Awareness (CFISA) is designed to help businesses, government agencies, and academic institutions empower their employees to fight cybercrime. We provide personalized, engaging, compliant, and affordable training in PCI-DSS, HIPAA, InfraGard Awareness, and Cyber Security Awareness.
Remember, no matter how big or small your company is, and how well the back doors to your system are barricaded, one employee click on the wrong link, attachment, or website could open the front door. CFISA trains your employees on the best practices to avoid potentially catastrophic data breaches.
Call us today at (561) 325-6050 to learn how we can help.