In March, the PCI Council instructed businesses to perform remote compliance assessments with added quality assurance checks. By May, the PCI SSC and the US chamber of Commerce alerted businesses for increased cases of “Skimming Attacks.”
Significant budget cuts and severe layoffs have rendered hospitality owners to move to survival mode. Increase in COVID19 infection has left hotels and resorts to accept payments through various contactless digital means. This demands compliant payment systems in light of the US government’s warnings, to ensure utmost customer trust.
In their very interesting article Angela Appleby, Scott Petree & Kyle Miller discuss five factors to assure continuous PCI compliance for businesses:
1. Assess the risk of significant changes to your environment.
2. Continue to fulfill periodic controls for compliance.
3. Create contingencies for your assessment process.
4. Plan your return to business (recovery) as usual.
5. Take good notes (document), and be prepared for next time.
After the FBI alerted businesses about the increase in cybercrime activities amid COVID19, hoteliers must now be proactive with data security compliance. Staff must therefore be equipped with all necessary knowledge to continuously maintain data security compliance in hotels.
COVID19 has already made in-person learning impossible, there is however a wealth of knowledge that hoteliers can find with official PCI training coaches. These experts certified by the PCI council are equipped with all the necessary knowledge and skills to train staff, assess risks, and detail actionable strategies for comprehensive PCI compliance.
Keeping your staff compliant is an essential step to assure data security, while developing space for constant improvement.
The first step is to ensure that hotel staff know and understand the business security model post COVID19. Understanding how processes and elements tie together to follow a single security strategy is essential for the hotel to succeed.
Staff must also be involved in security strategy once the business security model has been developed. This strategy will allow hotel staff to prioritize the goals of the data security compliance and the steps being taken to achieve it.
Staff must also be equipped to understand the synergy between hotel operations and data security compliance. Staff must understand which elements of the process create value, and must therefore prioritize the security & compliance of these elements.
Training hotel staff to document events and practices is a brilliant way for them to stay attuned with compliance mechanics. The availability of cyber-event data allows constant improvement, a word we have continually heard in popular IT frameworks like ITIL.
Regular staff training is a necessary way to keep employees updated about cyberattacks and countermeasures. Usually delivered by a certified PCI trainer, this is probably the most important step to allow staff to learn leading cybersecurity practices.
At AHT Inc. we are fortunate to have the expertise of PCI Certified Professional & Assessor M.S.Ziaee. As Director of I.T. at AHT Inc. Ziaee brings together almost 3 decades of hospitality technology experience as technology manager, cybersecurity analyst, PCI training coach, assessor, and consultant.
Even amid the COVID19 pandemic PCI compliance remains an essential step for hospitality businesses. The declining number of businesses in the USA that have not completed compliance assessments has shown an increase in number of data breaches in the country.
Contact us today to discuss compliance for your staff and hotel.
Until next time, see you again soon.
How to Keep Employees and Your Organization PCI Compliant