• Services
    • [Tabs]
      • Application Security
        • [Column]
          • SERVICES
          • Web Application Penetration Testing
          • Mobile Application Pentesting
          • Web Services & API Assessment
          • Secure Code Review
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Network Security
        • [Column]
          • SERVICES
          • Network Vulnerability Assessment and Penetration Testing
          • VoIP Vulnerability Assessment & Penetration Testing
          • Wireless Penetration Testing
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Cloud Security
        • [Column]
          • SERVICES
          • Cloud Auditing & Hardening for AWS
          • Cloud Auditing & Hardening for Azure
          • Cloud Auditing & Hardening for GCP
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Threat Simulation
        • [Column]
          • SERVICES
          • Red Team Assessment
          • Red Team VS Blue Team
          • Social Engineering Assessment
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Container Security
        • [Column]
          • SERVICES
          • Docker CIS Benchmark Hardening
          • Container Vulnerability Assessment
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Compliance
        • [Column]
          • SERVICES
          • ISO 27001 Auditing
          • PCI DSS Prepardness
          • HIPAA Auditing
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
  • Solutions
    • [Column]
      • ENTERPRISE SECURITY
      • Managed Security
      • DEVSECOPS SOLUTIONS
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
    • [Column]
      • RESOURCE
      • [Dynamic Posts]
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case Studies
    • Whitepapers
    • Podcasts
  • Company
    • [Tabs]
      • About
        • [Column]
          • Journey Timeline
          • timeline-image
        • [Column]
          • Mission,Vision, Values
          • mission-vision-image
      • Media
        • [Column]
          • Media title
        • [Column]
          • Media Image
      • Partners
        • [Column]
          • Partners title
        • [Column]
          • Partners Image
      • Careers
        • [Column]
          • Careers title
        • [Column]
          • Careers Image
  • Careers
  • Company
    • About us
    • Partners
Menu
  • Services
      • Application Security
          • SERVICES
          • applicationWeb Application Penetration Testing
          • mobile_phoneMobile Application Pentesting
          • touchWeb Services & API Assessment
          • code-syntaxSecure Code Review
          • RESOURCES
          • new-blog-post-–-11 The Return of Ryuk Ransomware
      • Network Security
          • SERVICES
          • network-1Network Vulnerability Assessment and Penetration Testing
          • telephone (1)VoIP Vulnerability Assessment & Penetration Testing
          • wireless_modem (1)Wireless Penetration Testing
          • RESOURCES
          • Web-1920-–-7 Keep Your Organization Safe From Office 365 Cyberattacks
      • Cloud Security
          • SERVICES
          • AWS-2Cloud Auditing & Hardening for AWS
          • Union-5Cloud Auditing & Hardening for Azure
          • AwsCloud Auditing & Hardening for GCP
          • RESOURCES
          • Web-1920-–-14-1536×864 3 Clear Warnings To Tell If You’re Breached
      • Threat Simulation
          • SERVICES
          • global-securityRed Team Assessment
          • firewall-1Red Team VS Blue Team
          • insights-1Social Engineering Assessment
          • RESOURCES
          • Web 1920 – 9Exploiting UN-attended Web Servers To Get Domain Admin – Red Teaming
      • Container Security
          • SERVICES
          • dockerDocker CIS Benchmark Hardening
          • constructContainer Vulnerability Assessment
          • RESOURCES
          • Web-1920-–-11 Top 7 cyber security measures that enterprises shouldn’t neglect
      • Compliance
          • SERVICES
          • global–strategyISO 27001 Auditing
          • global_finance_sterlingPCI DSS Prepardness
          • medical_1_ (1)HIPAA Auditing
          • RESOURCES
          • newPersistent XSS to Steal Passwords – Paypal
  • Solutions
      • ENTERPRISE SECURITY
      • secure–data (1) (1)Managed Security
      • DEVSECOPS SOLUTIONS
      • Secrets MonitoringContinuous Secrets Monitoring
      • Container ScanningContinuous Container Security
      • Application SecurityContinuous Application Security
      • Cloud MonitoringContinuous Cloud Monitoring
      • RESOURCE
      • Blog-background-1536×864 Why Startups Need CyberSecurity
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case Studies
    • Whitepapers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
Contact

Schedule a Meeting
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • Compliance
      • ISO 27001 Auditing
      • PCI DSS Prepardness
      • HIPAA Auditing
  • Solutions
    • Enterprise Security
      • Managed Security Solutions
    • Devsecops Solutions
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
  • Contact
Menu
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • Compliance
      • ISO 27001 Auditing
      • PCI DSS Prepardness
      • HIPAA Auditing
  • Solutions
    • Enterprise Security
      • Managed Security Solutions
    • Devsecops Solutions
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
  • Contact
Menu
  • Services
      • Application Security
          • SERVICES
          • applicationWeb Application Penetration Testing
          • mobile_phoneMobile Application Pentesting
          • touchWeb Services & API Assessment
          • code-syntaxSecure Code Review
          • RESOURCES
          • new-blog-post-–-11 The Return of Ryuk Ransomware
      • Network Security
          • SERVICES
          • network-1Network Vulnerability Assessment and Penetration Testing
          • telephone (1)VoIP Vulnerability Assessment & Penetration Testing
          • wireless_modem (1)Wireless Penetration Testing
          • RESOURCES
          • Web-1920-–-7 Keep Your Organization Safe From Office 365 Cyberattacks
      • Cloud Security
          • SERVICES
          • AWS-2Cloud Auditing & Hardening for AWS
          • Union-5Cloud Auditing & Hardening for Azure
          • AwsCloud Auditing & Hardening for GCP
          • RESOURCES
          • Web-1920-–-14-1536×864 3 Clear Warnings To Tell If You’re Breached
      • Threat Simulation
          • SERVICES
          • global-securityRed Team Assessment
          • firewall-1Red Team VS Blue Team
          • insights-1Social Engineering Assessment
          • RESOURCES
          • Web 1920 – 9Exploiting UN-attended Web Servers To Get Domain Admin – Red Teaming
      • Container Security
          • SERVICES
          • dockerDocker CIS Benchmark Hardening
          • constructContainer Vulnerability Assessment
          • RESOURCES
          • Web-1920-–-11 Top 7 cyber security measures that enterprises shouldn’t neglect
      • Compliance
          • SERVICES
          • global–strategyISO 27001 Auditing
          • global_finance_sterlingPCI DSS Prepardness
          • medical_1_ (1)HIPAA Auditing
          • RESOURCES
          • newPersistent XSS to Steal Passwords – Paypal
  • Solutions
      • ENTERPRISE SECURITY
      • secure–data (1) (1)Managed Security
      • DEVSECOPS SOLUTIONS
      • Secrets MonitoringContinuous Secrets Monitoring
      • Container ScanningContinuous Container Security
      • Application SecurityContinuous Application Security
      • Cloud MonitoringContinuous Cloud Monitoring
      • RESOURCE
      • Blog-background-1536×864 Why Startups Need CyberSecurity
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case Studies
    • Whitepapers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
Contact
Schedule a Meeting
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • Compliance
      • ISO 27001 Auditing
      • PCI DSS Prepardness
      • HIPAA Auditing
  • Solutions
    • Enterprise Security
      • Managed Security Solutions
    • Devsecops Solutions
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
  • Contact
Menu
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • Compliance
      • ISO 27001 Auditing
      • PCI DSS Prepardness
      • HIPAA Auditing
  • Solutions
    • Enterprise Security
      • Managed Security Solutions
    • Devsecops Solutions
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
  • Contact
Blog  ·  Compliance and Auditing  ·  Cyber Security

Essential compliance for a secure WFH model

By Supriya  Published On December 24, 2020

As the pandemic continues to spread across the globe, many organizations are bound to maintain their operations from remote locations.

Government-mandated regulations and guidelines are binding the organizations from the movement of individuals.

Whereas, for a certain type of jobs and domains, these regulations pose no great problems. However, for some sectors, it is causing a danger of non-compliance with data protection regulations and relevant industry standards.

In this situation when most of the organizations are bound to continue their work from remote locations, the Payment Card Industry Data Security Standard (PCI DSS) is considered a hurdle to achieve compliance.

The standard has a set of 12 requirements and a total of 280+ sub-requirements that helps businesses to protect their people, process, and technologies from breaches, data theft of cardholder data (CHD), and frauds.

The requirements include the need of implementing strong access control measures, protection of CHD, and maintain the InfoSec Policy.

In a recent survey by the Data Security Council of India (DSCI), it was found that 61% of the organizations in India lack structured cybersecurity training while working remotely, 50% of the cybersecurity professionals admitted that no cybersecurity training was provided by their organizations.

The question occurs here that as cybercrimes are significantly increasing specifically during the lockdown so, how the digital payment infrastructure can be protected from the compromise of user data?

Here are some of the best practices to prevent such cyber-attacks:

  1. Reduce your unwanted Email traffic.
  2. Install and maintain your basic security solution like antivirus, firewalls, and email filters to prevent known malicious IP addresses and domains.
  3. Conduct training for your employees and users on email and browser security best practices.
  4. Resisting the users not to click on the malicious links, visit any website directly, be cautious about the email attachments, and only install the approved applications.
  5. More importantly updating regularly the security solution that blocks malicious intruders and alerts you from suspicious activities such as antivirus, firewalls, malware, and spyware detection software and regularly checks that the web browser and the security software have the latest security patches installed.
  6. Use different devices for your personal use such as using social media and for your job. So, always separate your personal use devices from your work devices.
  7. Follow password hygiene, change your passwords from time to time. Use a strong password having alphanumeric characters which should be hard to guess by any other person.
  8. Use 2-factor authentication methods as many of the attacks rely on getting the passwords one way or another and requiring another form of IDs such as a security token will make it harder for hackers to falsify any account.

The Payment Card Industry Security Standard Council (PCI SSC) issued a supplement named “Protecting Telephone Based Payment Card Data” which advises organizations to ‘evaluate the additional risks associated with the processing of account data in an unsecured location and implement controls accordingly’. The supplement suggests controls to be in place while working from home on the basis of people, processes, and technologies.

Some of the best practices which can be used for the organizations which take card data from their customers on phone calls such as the BPOs-

1. Limit the data exposure

  • Employees should only use the devices which are approved and provided by their organizations whether it is a laptop, desktop, removable devices, or phones.
    This can help the organization to control the systems and technologies that are being used to complete payment processing.
  • Use of Data Leakage Prevention (DLP) measures to prevent sensitive data from misuse.
    It allows organizations to implement security policies to monitor and control any system when it is being used outside of the company network. These predefined policies help in blocking the credit card information from transferring through insecure exit points.

2. Use Drive encryptions

  • While working from home an employee would need the work material at their home to perform his job and portable data storage devices such as external hard drives and USB sticks. Such devices can be easily lost or even be stolen.
  • To prevent the data stored on these devices from falling into the hands of any wrong person, organizations need to ensure that the data which is downloaded onto them is in encrypted format only.

3. Use of IVR

  • An automated Interactive Voice Response (IVR) payment system can be used to prevent a user’s card data from exposure to the agent.
  • It is a technology where the user dials the primary account number (PAN) and the card validation code (CVV) using the keypad of their phone to complete any payment and the agent on the other side only hears the beep voice.
  • The use of a perfectly designed IVR has many benefits such as the customer may feel safer while entering their card data on IVR instead of providing it to the agent.

4. Use Webcams

  • Implementing physical security controls such as biometrics and CCTVs at an employee’s home is not possible. So, there is one way, in which the organization needs to remove the card data from the private home and remove the location from the scope as well.
  • However, this can be difficult as the whole payment process has to be changed. So, a recommendation to resolve this is that to ask the agents to use the webcams while performing the payments.

5. Use of Customer Self Service Portal

  • These are the collection of multiple functions that help the customer and are also accessible from the company’s website.
  • While using a reliable and dedicated self-service portal an agent sends a link to the customer via email or SMS. After clicking on the link the customer is redirected to the self-service portal where he enters his card details to complete the payment.
  • So, with the proper precautions in place, any organization can minimize the chances of data loss or breach. There are security awareness items that could be helpful for the employees to act safely with the organization’s vital information and resources.

Leave A Reply Cancel reply

Your email address will not be published. Required fields are marked *

*

*

The Return of Ryuk Ransomware
Previous Article
Planning Cyber Security Budget for 2021
Next Article

Industries

BFSI

Healthcare

Government

Retail & eCommerce

Information Technology

Telecommunications

Services

Application Security

Network Security

Cloud Security

Container Security

Threat Simulation

Compliance & Auditing

Solutions

DevSecOps

Managed Security

products

Strobes

AppDagger

Resources

Blog

Datasheets

Case studies

White papers

Podcasts

Company

About

Partners

Careers

Testimonials

Contact

Industries

Banking

Healthcare

Government

Retail

Technology

Telecommunications

Services

Application Security

Network Security

Cloud Security

Container Security

Threat Simulation

Compliance & Auditing

CMS Security

Solutions

DevSecOps

Managed Security

Secret Monitoring

Incident Response

Remote SOC

Products

Strobes

For CXOs

For SecOps

For Dev & IT

appdagger

SAST

DAST

Resources

Blog

Datasheets

Case studies

White papers

Podcasts

Webinars

Company

About

Media Partners

Awards

Partners

Careers

Testimonials

Contact

© 2021 WeSecureApp. All rights reserved.

logo--facebook
logo--instagram
logo--linkedin
logo--twitter

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Appdagger Case Study

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Talk to our Delivery Head

Case Study Form
Enter the Captcha

Get Started!

Case Study Form

Strobes Case Study

Case Study Form
Enter the Captcha

Mobile app security report

Case Study Form
Enter the Captcha

Devsecops Datasheet

Datasheet Form
Enter the Captcha

Compliance & Auditing

Datasheet Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Partner with us today!

WSA_partners_with_us

Partners Brochure

WSA_partners_brochure

Enterprise Security

Datasheet Form
Enter the Captcha

Container Security

Datasheet Form
Enter the Captcha

Cloud Security

Datasheet Form
Enter the Captcha

Explore Our Work

WSA_explore_our_work
Enter the Captcha

Red Team Assessment

Datasheet Form
Enter the Captcha

Network VAPT

Datasheet Form
Enter the Captcha

Application VAPT

Datasheet Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha
navy_bubble.png
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok