By Erik Nelson, PCIP
Cybersecurity is a topic-du-jour and you may be thinking “I’m PCI-compliant, so I’m in good shape!” There is a lot more to good information security than meeting PCI standards and protecting credit cards. As recent ransomware attacks have shown, if data has value to someone, hackers will try to take advantage.
What can be done to mitigate the risk of attack? From a technical perspective, meet with your head of information security or IT to ensure parking systems are properly understood and secured by technical policies and tools already in place. If you don’t have internal information-security resources, there are companies that can evaluate your policies, procedures, and technology and provide recommendations on improvement.
There are also things you can do that do not require a high level of technical acumen. Don’t ever share your passwords with others—insist on unique accounts in every system. If you are responsible for user accounts in a PARCS, make sure they are current and that old accounts are disabled and deleted. Be wary of email attachments, even those that appear to come from people you know. Talk to your insurance broker about cyber-liability insurance. If you have customer data, insurance can help you meet notification requirements (which vary by state) in the event of a breach.
If you implement a new parking technology system, involve your IT and security teams at the onset rather than the end of the project. It will save you time and money to ensure that your system is securely designed before installation.
At the end of the day, awareness and a little caution can go a long way toward mitigating the risk of cyber-attack.
Erik Nelson, PCIP, is a consultant with Walker Parking Consultants.