Whilst often derided for various reasons, PCI DSS can hold the key to addressing the cyber security challenges of the UK's small businesses.
Working on the assumption that all businesses will need payment for whatever it is they are selling, be it goods or services, the chances are they are, or will be, taking that payment using cards. This will necessitate a direct or indirect relationship with an acquiring bank, all of which now provide some form of PCI DSS compliance program.
For small businesses this generally consists of a portal providing access to a compliance self-assessment service and the option to initiate external vulnerability scans. Most of these programs are subscription-based and, in many instances, mandated as part of a card acquiring contract.
This 'virtual infrastructure' represents the perfect foundation for the delivery of a more comprehensive range of cyber security support services, tailored to the needs of small businesses.
In essence, the plumbing is already there; we just need to turn on the tap!
Almost all the UK’s 5.4 million small firms rate the internet as being highly important to their business, with two in three offering – or planning to offer – goods and services online. “The digital economy is vital to small businesses – presenting a huge opportunity to reach new markets and customers – but these benefits are matched by the risk of opportunities for criminals to attack businesses,” said FSB national chairman Mike Cherry. “Small firms take their cyber security responsibility very seriously, but often they are the least able to bear the cost of doing so,” he added. “Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks. We’re calling on government, larger businesses, individuals and providers to take part in a joint effort to tackle cyber crime and improve business resilience.”