PCI compliance mistakes to avoid
Although many organizations are working to meet PCI compliance this year, there are some mistakes, pointed out by Dark Reading, that can be easily avoided.
The news source said these mistakes include not following the rule of least privilege, ignoring virtualization compliance, failing to change the vendor's default configurations and not properly defining PCI scope. Network segmentation to tighten compliance and security is extremely important, she said.
"The most common mistakes are missing systems which are connected to in-scope systems," Tom McAndrew, executive vice president of professional services at Coalfire, told the news source. "The basic way to determine if a system is 'in-scope' is to ask yourself 'is there any way that this out-of-scope system could possibly impact the security of cardholder data?' If the answer is yes, then consider it in-scope."
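The scoping rule quoted above can be checked mechanically: starting from the known cardholder data environment (CDE), every host with an unsegmented network path to an in-scope host is itself in scope, and a documented segmentation control is the only thing that stops scope from spreading across a link. The following script is an added example, not code from the article or from Coalfire; the host names, links and the set of segmented links are constructed sample data.

```python
"""Reachability-based PCI scope check (added example, not from the article).

Models an inventory of hosts and the network links between them, then marks
every host that can reach, or be reached by, a CDE host as in scope unless a
documented segmentation control blocks that link.
"""
from collections import deque

# Constructed sample inventory: each tuple is a network path between two hosts.
# Links are treated as undirected because a connected host on either side can
# affect the security of the other.
SAMPLE_LINKS = [
    ("pos-terminal", "payment-app"),
    ("payment-app", "card-db"),
    ("payment-app", "jump-host"),   # admin access path, easy to forget
    ("jump-host", "corp-wiki"),
    ("corp-wiki", "hr-portal"),
    ("marketing-web", "hr-portal"),
]

# Constructed: hosts the assessment already lists as the CDE.
SAMPLE_CDE = {"card-db", "payment-app", "pos-terminal"}

# Constructed: links across which a segmentation control (for example a
# reviewed firewall rule set) is documented as blocking all traffic.
SAMPLE_SEGMENTED = {frozenset(("jump-host", "corp-wiki"))}


def build_graph(links):
    """Adjacency sets for an undirected host graph."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def pci_scope(links, cde_hosts, segmented_links=frozenset()):
    """Return (in_scope, out_of_scope) host sets.

    Every CDE host is in scope; any host with an unsegmented path to an
    in-scope host is also in scope (the "connected-to" systems the article
    says are most often missed). A documented segmentation control between two
    hosts stops propagation across that link.
    """
    graph = build_graph(links)
    in_scope = set(cde_hosts)
    queue = deque(cde_hosts)
    while queue:
        host = queue.popleft()
        for neighbour in graph.get(host, ()):
            if frozenset((host, neighbour)) in segmented_links:
                continue  # segmentation boundary: scope does not cross it
            if neighbour not in in_scope:
                in_scope.add(neighbour)
                queue.append(neighbour)
    out_of_scope = set(graph) - in_scope
    return in_scope, out_of_scope


def report(links, cde_hosts, segmented_links=frozenset()):
    """Summarise scope; 'missed' lists in-scope hosts absent from the CDE list."""
    in_scope, out_of_scope = pci_scope(links, cde_hosts, segmented_links)
    missed = in_scope - set(cde_hosts)
    return {
        "in_scope": sorted(in_scope),
        "out_of_scope": sorted(out_of_scope),
        "missed": sorted(missed),
    }


if __name__ == "__main__":
    print("No segmentation documented:", report(SAMPLE_LINKS, SAMPLE_CDE))
    print("Segmentation documented:   ", report(SAMPLE_LINKS, SAMPLE_CDE, SAMPLE_SEGMENTED))
```

Run without the segmented-links argument and every host in the sample, including the marketing web server, lands in scope through the admin jump host; add the documented control on the jump-host to corp-wiki link and scope stops at the jump host, which is still in scope and still has to be assessed. The "missed" list is the one to compare against the assessment's inventory.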
The most obvious mistake is not complying with PCI DSS at all, which, according to PCI Compliance Guide, can leave businesses open to fines. Penalties can be "catastrophic" to a small business, the website said.