Do you comply with PCI?
PCI, what is it? – PCI DSS stands for Payment Card Industry Data Security Standard. It has been maintained since 2006 by the Payment Card Industry Security Standards Council (PCI SSC), the body founded that year by the major card brands, and it focuses on protecting payment account data wherever it is stored, processed or transmitted.
Do I need to do it? – If you accept, transmit or store any cardholder data, then yes, regardless of your size or how many transactions you take. What changes with volume is how you validate compliance, not whether you must comply: merchants are split into 4 levels by annual transaction count (fewer than 20K, 20K to 1M, 1M to 6M and, for Level 1, more than 6M). The exact thresholds are set per card brand (the figures above are Visa's), and Level 1 merchants need an annual on-site assessment by a Qualified Security Assessor rather than a Self-Assessment Questionnaire.
In general, make sure you work with trusted trading partners and train your staff in payment data security. Put the right policies in place and confirm you are using the right technology, starting with a clear picture of where cardholder data actually enters, flows through and rests in your systems.
Also make sure your PCs are patched and that no outdated or unsupported software is installed on them, and run a good antivirus to protect yourself from malware. Look out for phishing emails, as they are a common delivery vehicle for malware. Close down any remote access that is not necessary, and protect whatever remains with multi-factor authentication, which PCI DSS requires for remote access to the cardholder data environment.
In the Verizon 2017 DBIR, 81% of hacking-related breaches involved stolen or weak passwords, so use strong, unique passwords, change them at least as often as the standard requires, and enable multi-factor authentication wherever it is available.
Further information can be found at https://www.pcisecuritystandards.org/ and https://www.pcicomplianceguide.org/faq/ . These will help you work out which Self-Assessment Questionnaire (SAQ) to complete and will answer most of your questions.