To: Chief executive, anne arundel County
From: Your Name
Re: Enter Subject
Date: Enter Date
Risk Assessment Summary
Following the risk assessment conducted on Odenton’s system, several concerns regarding data safety were made and need attendance to. Data security should be a topic well known to merchants, especially those that are involved in card payments and processing. Breaches caused by an organization’s carelessness may lead to customers losing trust in the business and, could potentially attract damages and penalties from lawsuits.
Other than keeping all software updated, Odenton township should aim to curb remote, physical, and insider threats on their data. According to statistics, more than thirty billion dollars have been lost by businesses to cybersecurity breaches, and cases of insider threats are reported to have increased significantly since 2016. While remote access by hackers could be a problem, employees who lack integrity and work ethics while handling customer credit card data could be a major liability. Keeping logs for behind-the-counter activities, and giving limited access to client data to employees is advisable. Each employee should also be assigned unique log-in details to the Township system to make tracking their activities around the system.
Concerns, Standards, Best Practices
PCI’s goals on data security include protection of cardholder data, building and maintaining a secure network for enterprises, implementing strong access control measures, regular monitoring and testing of networks, and maintaining a security policy. To achieve these goals, the PCI requires that a business; installs and maintains firewall configuration, changes its default passwords, protects card holder’s data, monitors all access to network resources, restricts physical access to card data among others.
From the assessment, Odenton township has met some of the basic standards, such as keeping their software updated and having doors with locks to protect physical data. However, this barely meets the minimum PCI data security standards to protect their sensitive data, as other major factors have been overlooked. Uncertainties about remote access to the system, in-house threats, and physical protection should be enhanced. The township should aim to make their data useless to criminals, protecting it from both in-house threats and the internet.
In summary, Anne Arundel county should strive to protect the county infrastructure and residents from data breaches at all costs. This way, the residents of the county maintain their trust in the township services and the county avoids unnecessary expenses that may occur from the mentioned breaches. Some cost-effective ways to put in place data security protocols would include; having strong encryption for network vendor access which is effective and very cost-friendly and educating employees on data security and why it is important. Physically protecting in-house data using locks and safes is also cheaper than installing CCTV cameras. Having trusted business partners and knowing how to contact them is economical and ensures the safety of the county’s resources.
Security should be a priority when running any kind of business. It is vital but must necessarily not be expensive.
PCI DSS (2021). Payment Card Industry Security Standards.