Everything You Need to Know About PCI Compliance

If your business wants to accept credit cards, then you’ll need to meet Payment Card Industry (PCI) standards to ensure the security of your customers’ data. You don’t need us to tell you how important it is that your organization keeps its customers’ credit card data secure. It’s a huge issue, as failure to do so could cause irreparable damage to your brand. If your organization suffers a data breach that results in customers’ information being stolen, it will almost certainly spell the end for your business. Your organization will be in the headlines for all the wrong reasons, and it’ll be nigh on impossible to repair the damage to your reputation among consumers. Be sure you know your PCI compliance basics in order to keep your customers’ credit card data safe and secure.
What is PCI Compliance?
PCI compliance refers to a set of guidelines for businesses to follow when they process payments via credit card. These guidelines cover all of the major credit cards, including Visa, Mastercard, Discover, and American Express, and indeed all of these providers mandate their use. If your company processes credit card payments from these providers, it must comply with PCI standards – failure to do so can lead to heavy punishments, including substantial fines and even jail time for company directors.
What Does Being PCI Compliant Mean?
There are 12 key requirements in the PCI Data Security Standard, and businesses need to comply with each of them in order to be considered “PCI compliant”. Each of the requirements addresses an important area of information security, as listed below:
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect all systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel
Helping You Meet PCI Compliance
At Cognoscape, one of the key aspects of our services is ensuring that your business is PCI compliant. As a first step, we’ll look at your network to see if it meets basic standards for security. If not, we’ll work to make sure that it does, and we’ll maintain it so it stays that way. We’ll also install software that guarantees customers’ credit card data is secure and encrypted when transferred to and from the network.
Another key step is to make sure your systems cannot be breached. PCI compliance standards require that companies maintain something called a vulnerability management system, which incorporates security measures such as antivirus and firewalls. In addition, PCI compliance means regularly testing security systems and processes. Companies are required to monitor all access to networks and cardholder data to ensure that it remains secure, and all of this ongoing work will be carried out by Cognoscape.
Cognoscape works closely with its clients to ensure their IT systems and practices never violate laws around PCI compliance. We make it our business to stay up to date with all the latest requirements, so we can ensure that you’re ready to make any changes as the government requires them.
If you need help with PCI compliance, give us a call today and let’s make sure you’re providing your customers with the protection they deserve.

How Often Should You Be Doing Pen Testing?

When it comes to penetration testing, the most frequently asked question we get is: “How often should we do one?” The other question, unfortunately, we receive almost as often is, “Pen testing? What’s that?” Knowing your network also means knowing how often you should be testing the penetrability of your network security – because if you’re not testing its vulnerabilities, it’s very likely someone else will be.

Most Only Do It After an Attack

There are some companies out there who have never had a pen test performed, or at least can’t remember the last time. If that’s the case with you, that’s not nearly often enough. These companies often don’t even learn about “pen testing” until after they’ve been breached. At that point, the damage has been done, and the hacker likely left some unsavory gifts behind in their wake. In this event, first and foremost, your network must be purged of all malware or any lingering viruses. Next, your network security must be taken up several notches – only then should you begin your pen testing. It’s likely at that point, you’ll begin formulating a schedule for regular pen testing.

Even Regulatory Compliance Doesn’t Make It Hard

If you’re covered under PCI DSS (credit) compliance regulations, even they aren’t that demanding about pen test frequency. They usually only require pen testing to be performed once annually. That’s not often, and well under what you should be doing to keep an eye on your security. Even your dentist tells you to come in for two cleanings a year. Shouldn’t you be at least as frequent with your network security as you are with your mouth security?

To Be Honest, Frequency of Pen Testing Depends on Your Company

No two companies are the same, and by that token, each should be judged on their own needs. It’s advisable to receive a professional evaluation from network and cyber security experts, such as Cognoscape, and listen to their recommendation. The answer you may be ultimately looking for is this: you should have a pen test performed as often as your IT consultant advises you to.


Understanding the Mind of a Hacker


In the information age, hacking is the new burglary. Skilled hackers are capable of compromising your security, stealing your information, and engaging in any number of fraudulent activities from the safety of their own desk. Individuals, businesses, and even government agencies are regular targets. One of the best ways to protect your business and shore up your cyber security is to go inside the mind of a hacker. Take a look at your cyber security – as if you were trying to breach it.

Simple Errors are Easily Exploited

Just like many burglars skip houses with home security signs in the front yard, most hackers will opt for easy targets. They will pass up targets which appear to have strong, legitimate cyber security in place. By this very basic action, you can make your business significantly safer.

For example, you and your IT consultant can take steps to ensure your network can only be accessed by employees. Furthermore, as hacking becomes significantly easier with password access, require your employees to change their passwords every sixty to ninety days as a safeguard against cyber snooping. When websites ask you to include a seemingly ridiculous amount of numbers and figures in your password, their motives are pure. Passwords should be as random as possible, as those with personal significance are always riskier than something random and impersonal. If you or your employees struggle to remember longer passwords, keep track with a password management program.

Your employees should also be trained for web scamming & phishing awareness. Phishing is the act of impersonating a legitimate entity on the web in order to gain trust and personal information from a target. Hackers have become more and more talented at this, trapping many unsuspecting victims. When a popup window offers you a free iPad for the 27th time, it’s pretty easy to recognize it as a scam. However, when a perfect impersonation of a trusted website asks for your credit card information, it can easily fly under the radar.

Cyber Security Professionals are Best Equipped to Combat Hackers

DIY network security solutions are certainly helpful and may work for personal use, but as your business grows, it’s smart to enlist professional help to insulate your business from cyber threats. Hackers are innovative and crafty by nature and have learned to change methods on a daily basis. The best way to deter a hacker is to have a specialist on standby to counter his or her every move. An IT company such as Cognoscape works round-the-clock to combat hackers and shield businesses from new threats which may emerge. Cognoscape can also integrate professional deterrence strategies into your current network architecture, turning your network into a fortress.

Advancements in technology are made to make our lives easier. But each advancement presents hackers with new opportunities. Without professional insight, there might be numerous gaps in your cyber security for a hacker to exploit. We’d rather not let that happen. Drop us a line. We’d love to sit down with you to discuss all the things we can do together to keep your network safe and secure, and your business strong and prepared for the future.


Pokemon Go: Global Craze or Huge Security Risk

If you see people, adults and kids alike, walking around town with their eyes locked on their phones – chances are, they’re playing Pokemon Go. The game, which was released on July 6, has been a massive success. It’s been downloaded millions of times, already overtaking the dating app Tinder, and set to shortly overtake the social network Twitter.

Using augmented reality technology, Pokemon Go fuses the real world and digital world together, allowing you to see and catch virtual Pokemon alongside real-world objects right from your phone screen. For instance, a Doduo could be peeking out from a tree just outside your house.

However, due to the app’s immense popularity, users have experienced problems such as crashing servers, freezes, and delays. On top of that, security issues have been raised. According to Adam Reeve, the principal architect at the cybersecurity analytics firm RedOwl, when users sign into Pokemon Go using their Google account (instead of registering for an account), they risk granting the game access to their entire Google account – allowing the app to see and modify nearly all the information in that account.

In response to the security issues, Niantic Labs, the company that developed the game for Nintendo, said the app’s request for full account access was a mistake. In fact, they’ve addressed the security concerns with a new update that is live in the app store.

The update fixes the security bug that caused the popular app to request full access to your Google account. Now the game will only ask for basic information such as your name and email address. The update also promises more stability and patches such as:

  • Resolved issues causing crashes
  • Fixed Google account scope
  • Trainers do not have to enter their username and password repeatedly after a force logout
  • Added stability to Pokémon Trainer Club account log-in process

Fixing the Security Issues Ahead of the Update

To revoke the full account permissions access, Pokemon Go users should go to their “My Account” Google page. From there, navigate to “Connected Apps and Sites” under “Sign-in and Security.” Then select “Manage Apps,” click on the Pokemon app, and select “Remove Access.”


Government Stance on Information Technology Security

President Obama and his administration are talking technology. Obama is taking the time to weigh in with his observations on the exponential growth and acceleration in the tech world. The president recognizes technology as an important factor that has driven our economic growth. The Obama administration is committed to ensuring America has a thriving and growing Internet economy, and takes a stance on information technology security.

Positive Thoughts for Information Technology

Information technology security is the systematic process of protecting and safeguarding the systems that hold information – business and personal data, voice conversations, still images, motion pictures, and multimedia presentations. The Obama Administration has publicly declared its encouragement of Internet innovation, protection of consumer choice, and the importance of defending free speech. The Administration created the Internet Policy Task Force to bring together the technology industry, consumer groups, and policy experts to help ensure the Internet stays reliable and trustworthy for consumers and businesses.

President Obama has declared that “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.” To help the country meet this challenge and to ensure the Internet can continue as an engine of growth and prosperity, the Administration is implementing the National Strategy for Trusted Identities in Cyberspace. The Administration also released the International Strategy for Cyberspace to promote the free flow of information, the security and privacy of data, and the integrity of the interconnected networks, which are all essential to American and global economic prosperity and security.



Top 5 Signs You’re Out of SOX Compliance

The Sarbanes-Oxley Act (SOX) became effective in 2006 and was implemented to hold all USA corporations accountable for their internal financial auditing controls to the Securities and Exchange Commission. This federal law was passed in response to a number of major corporate and accounting scandals. The Sarbanes-Oxley Act itself is organized into eleven sections, but sections 302, 404, 401, 409, 802 and 906 are the most important in terms of compliance. Failure to comply with regulations can result in fines up to $10 million and 30 years in prison for a corporation. We have compiled five signs for you to reference in order to avoid the extensive civil and criminal penalties for non-compliance.

5 Signs You’re Non-SOX Compliant:

You Don’t Periodically Report the Effectiveness of Safeguards

Section 302.4.D requires you to have officers continuously generate a report on the effectiveness of the security system and clearly state their findings.

You Don’t Disclose Security Safeguards to Independent Auditors

Section 404.A.1.1 obligates you to select auditors and hold them accountable to review control structures and procedures for financial reporting. All information that relates to the security framework, and the parties responsible for the operation of the security framework, must be disclosed to the auditors.

You Don’t Disclose Failures of Security Safeguards to Independent Auditors

Under Section 404.B, auditors require you to be aware of and report on any drastic modification to internal controls and/or significant failures that could immediately affect internal controls.

You Don’t Ensure that Safeguards are Operational

Section 302.4.C demands that appointed officers test the durability of internal controls within 90 days prior to the previous report. This security framework needs to be constantly reviewed and verified.

You Don’t Establish Verifiable Controls to Track Data Access

Section 302.4.B requires internal controls over data, so that officers are aware of all relevant data. Data must exist in an internally controlled and verifiably secure framework.

If you have any questions on whether or not your company is in SOX compliance, allow Cognoscape to verify for you. Call and learn more today!



Arming Your Hunting Dog with the Coolest Tech Gadgets

Are you ready for the hunt? Is your partner your hunting dog? There are traits every champion hunting dog should possess before he steps out on the field. But if you are ready to take your best pal to the next level, you should arm him with some of the coolest tech gadgets.

Love of Fetch

Finding the perfect hunting dog that possesses a keen sense of playing fetch is a number one trait! He should have an instinctive nature to chase the scent of game, but with the electronic handheld wind meter Wind Wizard II, you’ll be able to detect wind speed at a great value and help your dog accurately determine his trajectory of pursuit.

Great Nose

Every great champ needs to be able to sniff out his prize. If you’re looking to gain the upper hand over the game, look no further. The Ozonics Hunting machine is a silent fan that converts oxygen molecules into ozone molecules. This nifty tech gadget can be used next to a treestand or ground blind and covers the scent of you and your pup.

Disciplined

A winning dog is one who is the most disciplined. Do your buddy a favor and get him an odorless gas cartridge repellant. This simple tech gadget will keep mosquitoes and other flying insects away so he can focus on the hunt.

Genetically Gifted

Those who got the juice are born with the juice. The tech gadget, Garmin Astro, will help you stay connected to your hunting dog 24/7. The transmitter collar allows him freedom of tuning in to his naturally gifted talents while you track where he is running, sitting, or treeing a bird.

Water Lover

Perfect hunting dogs are not afraid of water or of gun shots. The Contour HD video camera is waterproof and rugged, and it fits snugly behind the neck of your dog. This will help you watch what he was able to see the moment after take off.

Energetic

Your hunting dog is ready to go at the snap of a twig and has a thirst to catch his prey. Make his job that much easier with the Swann Outback Cam that straps to a tree and captures both video and photos. He will be able to exert his energy positively and more efficiently.

Having second thoughts if your canine is up to handle all these technical gadgets? Partner up with some IT experts who will focus on your business while you focus on helping your hunting dog.


Top 5 Signs You’re Out of HIPAA Compliance

HIPAA compliance refers to a set of regulations by the Health Insurance Portability and Accountability Act which sets the guidelines designed to protect important medical documents. Similar to constant technology updates, there are continual changes regarding HIPAA regulations. If you have any follow up questions or concerns in regards to HIPAA compliance, check out this handy checklist for protecting the privacy of personal health information. Here is a quick overview to check to see if you are currently out of HIPAA compliance.

Access Control

Have you assigned a unique name or number for identifying and tracking user identity? You should establish procedures that will help you obtain protected health information in case of an emergency. By implementing software that encrypts and decrypts electronic health information, you are ensuring clients’ protection.

Audit Controls

If you have not implemented tracking software that records and examines activity in information systems (an information system being the set of information resources that share the same common functionality), then you are not properly protecting electronic health information.

Person or Entity Authentication

Do you have procedures that will confirm a person or entity who is seeking access to protected health information? Have you established policies and procedures that safeguard electronic health information from improper alteration or destruction? Be sure to implement appropriate security measures to guard against unauthorized access to electronic protected health information to ensure that documents are not modified without detection or improperly disposed of.

Transmission Security

Are you able to implement software to encrypt electronic health information whenever deemed appropriate? This will encompass all of the administrative, physical, and technical safeguards in your information systems.

Failure to follow HIPAA compliance can result in civil and criminal penalties. Make sure you are following the law and properly protecting the health information of individuals. If you are feeling lost, we will be able to help you get back on track. Call Cognoscape today for a free consultation.



Using Motion Sensors To Protect Your Home

The Incorporation of Motion Sensors in Home Security Systems

More people than ever are using technology to protect their homes and businesses. If you wanted to have a security system back in the day, the best you could do was analog video, which produced tapes that you could evaluate at a later date. But technological advances have come far enough to where you can have a digital video security system that live-streams directly to your smartphone, tablet, or computer over the internet. One of the biggest new features that homeowners and business leaders are taking advantage of is motion sensors. Motion sensors take technology that used to only be available to the military, and make it available to those who want to keep their homes or enterprise facilities safe from intruders. Although motion sensors are primarily used as anti-theft technology, they have other uses too — such as informing you if a teenager has missed curfew and is arriving home late or alerting you if a customer has entered your business. Motion sensor technology works by using microwave pulses, infrared sensors, or a combination of both to detect movement. Once detected, notifications are sent to your monitoring center, letting you know exactly where the motion was found.

Different Types of Motion Sensors

There are several different types of motion sensors that you can use to keep your home or business safe. Passive infrared, or PIR motion detectors, detect body heat. They are the most common form of motion detectors used in home-based security systems. Microwave, or MW motion detectors, are another option. They send out microwave pulses, which reflect off of a moving object, tripping the sensor. Although these sensors can cover large areas, they aren’t as widely used because they are prone to electrical interference issues. There is also the option of choosing a dual technology motion sensor, which combines both of the features of the MW and PIR sensors.

Different Ways You Can Use Home Security Systems

Although motion sensor technology is typically used to protect against theft and home invasion, you can also use motion sensors for other purposes. You might connect your motion sensors to your lights, for example, and save money by only having the lights on while you are moving in a particular room. You can use motion detectors to restrict the movement of pets or small children while you are in the house as well. Motion sensors can alert you when a friend or neighbor is at the door, so you know to expect them before they ring the doorbell. Motion sensors are versatile and can meet all of your home/business security and safety needs.


New Obama Executive Order Creates Investment In Smart Guns

Obama’s New Executive Order

President Obama has long been frustrated by the lack of gun legislation in Congress and earlier this month, he announced an executive order that would clarify some existing laws already on the books. President Obama’s new executive order will expand background checks to include gun shows and some private sales, which previously allowed buyers and sellers to come together and complete a transaction without doing a background check. President Obama will be hiring more ATF agents and other federal agents to ramp up enforcement of gun laws. But the President also did something else fascinating — he created an investment in smart gun technology.

The Investment in Smart Guns

President Obama’s interest in smart gun technology is not accidental. The President knows that while stricter gun legislation and potential penalties would be nearly impossible to pass through Congress, smart gun technology could make sense for responsible gun owners, law enforcement, and the greater population alike. The executive order creates three directives for federal departments on smart guns:

  • It authorizes research and development spending
  • Departments must now review the availability of gun safety technology and possible improvements
  • It permits research on how smart technology can limit gun-related homicides

Smart gun technology is appealing because it uses sensors that can read fingerprints or radio waves to determine who is authorized to use the weapon. Some smart guns are even using more complex indicators, such as grip recognition. This technology could keep guns out of the wrong hands and prevent violence if guns are stolen or sold illegally.

Detractors

Even though President Obama’s executive order was applauded by many, some groups have claimed it is illegal and unnecessary. Among these groups is the NRA, which is perhaps Congress’s strongest lobby. There are legitimate concerns about the accuracy of smart gun technology, but perhaps extensive research could curb some of those fears.

What is the Future Of Smart Gun Technology?

In the future, smart gun technology could be incorporated into all federal agencies. Once the federal government proves that smart gun technology is accurate and can work within its departments, it will likely filter down through the states and to the US population as states and localities pass their own laws. President Obama’s hope is that smart guns will eventually have legislation in Congress, making the technology a key component in owning a firearm.