Businesses should do more than go through motions
When it comes to maintaining PCI compliance and the security of an eCommerce website via GeoTrust SSL certificates, many companies choose to take the "check-box compliance" route, according to Dark Reading. The website said for security and compliance, there are some telltale signs of just going through the motions that companies should look to avoid.
The first sign the website points out is arguing over which standards are the best, or as Dark Reading puts it, getting caught up in minutiae and not seeing the forest for the trees.
"Some organizations claim that they take the best of various policies and then go to work on a 'deeper policy,'" Ron Gula, CEO and CTO of Tenable Network Security, told the website. "However, if you look closer at these sorts of things, they often target the union of various compliance standards and not the aggregation of all checks."
Other ways Dark Reading said companies can know they may be mailing it in, so to speak, is when they lose sleep over audits, when companies use tools geared for establishing audit trails rather than tools for prevention and having confusing logging systems without log storage for monitoring. All of these and more can be seen as clear signs that a company may need to readjust its priorities with regard to monitoring security and managing compliance.
Noam Design said using SSL certifiactes, keeping an eCommerce website up to date and using a reliable payment gateway are all ways to improve security on the website.
"If your online business is not profitable enough to afford regular website maintenance and updates, well in that case maybe your online business isn’t successful enough to justify an eCommerce website," the website said. "You’d be better off with a simple website which is much less likely to get hacked – and if it does get hacked it’s not that much of a big deal."
Companies that invest in tools like GeoTrust SSL certificates need to take measures to make sure they work in the long run.