Writing for CFO magazine, David Rosenbaum and Marielle Segarra used the Yahoo breach from earlier this year as an example. The incident resulted in 450,000 usernames and passwords being compromised, and, while that is significant, the more disturbing issue is that Yahoo failed to follow basic encryption practices when it stored users' login credentials. An affected individual has since filed suit against the company, accusing Yahoo of not taking proper data protection measures.
As the CFO writers noted, data security presents challenges for both large and small businesses. While smaller companies struggle with having the resources to allocate to IT security, larger companies have more complex infrastructures and more workers to manage. In both cases, these challenges have resulted in regrettable incidents that could easily have been avoided.
"[O]ne of the simplest ways to avoid an opportunistic data breach is to create stronger passwords (a combination of numbers and upper- and lowercase letters) and change the default credentials and administrative passwords that come with point-of-sale (POS) systems and other devices that access the Internet," the CFO columnists wrote.
Leveraging data encryption software that allows strong passphrases is one way of protecting sensitive information. Solutions that also support seamless integration with digital certificates may be particularly valuable for guarding sensitive information, since these offer a higher level of data security.
Compliance guidelines can serve as a foundation for building better security, but even those requirements are not set in stone. This means that organizations must stay aware of industry best practices, as well as any new requirements, to ensure that their data is effectively guarded. Emerging technology trends can further complicate the issue by creating new concerns that companies must address.
PCI compliance in a mobile world
The Payment Card Industry Council updated PCI standards to reflect the rise of mobile payments, providing an example of how compliance goals can often shift in response to new trends. Robert Westervelt, news director at TechTarget, highlighted several of the updates and discussed the increasing adoption rates among retailers. Updates that were published in May emphasized the importance of mobile technology that supports data encryption software.
"The mobile payment movement is being largely embraced by small and midsized transient businesses, although some retailers, including Apple, are embracing mobile payment acceptance in their stores," Westervelt wrote. "Smartphone compatible payment devices are provided by a variety of vendors, including San Francisco-based Square Inc., VeriFone, PayPal and SalesVu."
As Westervelt suggested, mobile payments are becoming a reality for many retailers, and compliance guidelines have had to evolve to accommodate the trend. For companies that must meet PCI standards, utilizing data-centric security solutions can protect consumer data even as devices and platforms continue to evolve.


