4 Signs that You’re Out of PCI Compliance

Compliance with the standards set by the Payment Card Industry (PCI) Security Standards Council can be cumbersome and flat-out difficult. The punishment for non-compliance can be stiff penalties and fines – or even worse, non-compliance could allow a hacker or data thief to get into your company’s systems and steal critical data from you or your customers. To avoid these unsavory outcomes, it is best to make sure that your business becomes PCI compliant and maintains that compliance status. It is critical that you know whether your company is PCI compliant so that you can keep your business protected from fines and hackers alike. Here are some of the ways that you can tell your business is not compliant. If any of these signs describe your business, then it is time to make a change and get back into compliance.

You Store Cardholder Data

Storing cardholder data means that you have highly sensitive information on your systems that can be stolen. To maintain PCI compliance, you should not save or store any cardholder data, whether in digital or written form. To avoid storing cardholder data, you can use a card reader, POS terminal, or a payment processor that doesn’t retain that information. That way, you don’t have to think about protecting or encrypting that data on your systems.

You Don’t Have A Separate Network For Payment Processing

PCI compliance can put extra pressure and security measures on your network. That’s why it is a good idea to have a separate network, apart from your regular business connection, used just for payment processing. This is especially relevant if you are using IP-based credit card terminals.

You Don’t Automatically Log Customers Out

When your customers log in and make a purchase, they might be doing so on a public computer or at a public kiosk. When they leave that computer, they might forget to log out, allowing another person to stumble upon their open session and make unauthorized purchases. Avoid these scenarios by automatically logging your users out of their sessions after a set period. If, for example, users are automatically logged out after five minutes of being idle, you have a significantly higher chance of stopping unauthorized purchases.
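
The idle logout described above, sketched as an added example (not code from the original page): a server-side session table with a sliding five-minute idle limit. The `SessionStore` class, its method names and the injected clock are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT_SECONDS = 5 * 60  # the five-minute idle limit used as the example in the text


class SessionStore:
    """Hypothetical server-side session table that expires idle sessions."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.monotonic):
        self._idle_timeout = idle_timeout
        self._clock = clock      # injectable so the timeout can be exercised without waiting
        self._sessions = {}      # token -> (user, time of last activity)

    def login(self, user):
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = (user, self._clock())
        return token

    def authenticate(self, token):
        """Return the user for an active session, or None if unknown or idle too long."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_activity = entry
        if self._clock() - last_activity > self._idle_timeout:
            # Enforce the timeout on the server and forget the token, so a
            # browser left open at a kiosk cannot revive the session later.
            del self._sessions[token]
            return None
        # Sliding window: each authenticated request resets the idle timer.
        self._sessions[token] = (user, self._clock())
        return user

    def logout(self, token):
        self._sessions.pop(token, None)


def demo():
    """Walk one constructed session through activity, then a long idle gap."""
    now = [0.0]                                   # constructed clock, in seconds
    store = SessionStore(clock=lambda: now[0])
    token = store.login("alice")
    results = []
    for idle_gap in (240, 240, 301, 1):           # seconds between requests
        now[0] += idle_gap
        results.append(store.authenticate(token))
    return results
```

The check runs on every request on the server side; a client-side timer alone would not stop a request replayed with the old token.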

Your Employees Don’t Have Unique Login Information

To be PCI compliant, all of your employees need to have their own unique login information for sensitive systems. That way, if there is an issue, you know which employee was responsible.

Security Risk! Windows XP And Office 2003 Pose A Dangerous Threat To Your Business.

Security Alert for Windows XP. If you’re using Windows XP or Office 2003, you only have until April 8th before hackers may attack.

As a Microsoft Certified Partner, Cognoscape LLC, a Dallas-based IT Security Company, would like you to know that you may very well be at risk of serious cyber attacks. Microsoft has announced that it will stop support for the XP operating system and Office 2003 software suite on April 8, 2014. Your entire business will be exposed to serious cyber attacks that can take control of your network, steal data, crash your system, and cripple your business. Many companies that we meet with don’t think they still have XP in their environment. However, what we have seen time and time again after a network review is that we typically find instances where XP still exists on their network. Postage machines, machines set up for printers, work-group machines, etc. are all examples of possible security risks in a company’s defense. The code has already been written… hackers are lining up right now, just waiting for the date.

You Must Migrate from XP and Office 2003 Before April 8, 2014. By law, all medical and financial service companies must upgrade any and all of their computer systems running XP or Office 2003. Firewalls and anti-virus software won’t protect you. According to Tim Rains, Director of Microsoft Trustworthy Computing: “XP has been a beloved operating system for millions and millions of people around the world, but after 12 years of service it simply can’t mitigate the threats we’re seeing modern-day attackers use.”—USA Today.

Cognoscape, a Dallas-area IT services company, is offering area businesses a complimentary Security Audit. We will provide you with a comprehensive executive report detailing possible security risks, along with advice and recommendations on how to fix them.

Information Security and your Business

A recent study released by Symantec Corporation reveals that many small and mid-sized organizations are recognizing the importance of information security. On average, SMBs are now spending approximately $51,000 per year to protect their company information. This is a substantial increase from last year when one-third of SMBs didn’t even have antivirus protection in place. SMBs risk cyber attacks and loss of confidential data and devices. In today’s hyper-wired world that could mean the difference between success and having to shut down.

Stephen A. Cox, President and CEO of the National Council of Better Business Bureaus, states, “The average cost of fraud for self-employed and small-business owners is about $4,627.” But your bottom line isn’t the only thing at risk. By failing to protect your customer data, you could put your customers in danger of credit card fraud and identity theft. Below we’ll cover some simple safeguards your company can put into place to prevent information theft:

1. Employee awareness – Employees are the gateway to your company’s information. Create and implement Internet security guidelines. Then, educate your employees and make sure they are following them. This can range from requiring periodic password changes to updating your employees on the latest threats and how they can prevent them.

2. Protect important business information – Use data encryption so prying eyes can’t intrude. Maintain wireless security. Limit employee access to important information such as credit card numbers, customer information or employee records. Important data in the wrong hands could become detrimental.

3. Create a Backup and Recovery Plan – You can’t predict the future, but you can be prepared for it. A virus could spread through your system or a flood could ruin your equipment. Make sure you back up your data to an external source as frequently as possible in case the unexpected occurs.

Information Security is crucial to all businesses. In recent news, the Federal Trade Commission charged the social media site Twitter with failing to adequately safeguard user information. Their failure to protect user accounts led to account attacks on both President-Elect Barack Obama and CNN host Rick Sanchez. Twitter has not only suffered monetary losses, but has also lost the trust and respect of some of their users.

Invest in protecting your company’s data now so you don’t have to deal with a disaster later.

“When a company promises consumers that their personal information is secure, it must live up to that promise. Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations.” – David Vladeck, director of the FTC’s Bureau of Consumer Protection.