The clients we work with at PCI Group all have to follow rules and regulations regarding the protection of consumer personal information. Since it’s critical to them, it’s critical to us. Data security requires a strategic commitment to safeguarding all files as they enter and sit in our systems.
To provide some best practices for our customers and all those in regulated industries, Information Security and Compliance Officer Serena Robinson shared her insights on protecting consumer personal information in this episode of Ask the Experts.
First, Serena offered advice on system monitoring. “Monitor all systems. Stay up to date on patches, on top of vulnerabilities, and security updates.”
In addition to monitoring the applications they actively use, companies also need to include legacy systems. Serena said, “Don’t forget about legacy systems. Even if there’s no data, if they are still connected to your network, it’s a possible area for breach. If you’re not using a system, decommission it, remove all information from it, so there’s no open access.”
Regarding data exchange, Serena’s main point is to encrypt everything. “Everything you send to a vendor, make sure it’s encrypted at all times, and the entire transmission model has encryption.”
Encryption is so critical because it “muddles the information,” per Serena. She explained further, “If something were to happen to that data, no one could understand it without the key. This layer of encryption changes the structure, so the raw information isn’t accessible.”