Rapid7, a newly approved BHI SecureConnect vendor for vulnerability management, is ready to support the new changes to the PCI DSS requirements starting September 1, 2010. As an Approved Scanning Vendor (ASV), BHI SecureConnect is confident that this partnership will further enhance both its quarterly vulnerability scanning solution and its ability to better serve customers.
A major change to the PCI requirements is a new scoring system for vulnerability checks on PCI compliance scans, replacing the legacy five-point system. The PCI Council has tightened its conditions for providing proper vulnerability scans to merchants and will now regard specific weaknesses as grounds for failure, regardless of CVSS scores, because of the risks they pose for credit card holder data environments. These weaknesses include an operating system no longer supported by vendors, an open-access database, default logon accounts and cross-site scripting.
“We knew that we needed a stronger scanning solution to support our customers, and Rapid7 became an obvious choice with its extensive support system and continuous view of the entire risk environment,” said Blake Huebner, Director of Information Security at BHI SecureConnect.
Rapid7, which contributed to the PCI SSC Task Force during development, is enhancing its vulnerability products to support the new requirements and continues to be the only vulnerability solution to include Web application and database scanning.
By choosing an experienced and certified ASV partner, BHI SecureConnect has stayed ahead of the curve to help meet customers’ security and PCI compliance needs. Contact us today!
1. Increased collaboration leaves bigger gaps for information to slip through.
As new outlets for accessing information, such as mobile devices, become more popular, remember to keep a strict policy on who should be allowed access to specific information and how it should be used, stored and protected.
2. Fundamental security basics are not continually applied.
While companies are always looking for future security tools, they are not always renewing the basics to have a strong foundation. Verizon stated that 64% of breaches could have been prevented through “simple and cheap” countermeasures while another 32% of breaches could have been prevented with “intermediate solutions.” Some recommendations to get back to a strong security core are closing gaps in situational awareness, focusing on solving old issues, and educating employees on security.
3. Be on the offense!
The typical security border is no longer effective against modern-day hackers. To be proactive in security, companies must offer a wider range of techniques such as reinforcing core strengths and being able to adapt sound practices to a changing environment. An organization must decide what proactive practices are right for them and their information before implementing any changes.
While an organization may not have the tools and internal resources to manage these evolving changes on its own, SecureConnect provides a comprehensive solution to help address these security concerns and minimize the risk of a data breach. Remember that taking on the costs of specialized security will be an investment in customers, company and brand.
Focused on providing outstanding service and support to its growing customer base, BHI SecureConnect is pleased to announce its membership with HDI, the world’s largest training and certification association for technical support professionals. BHI is confident that active participation in HDI will help further develop its support team and promote a higher degree of customer service that the company strives for on a daily basis.
Having developed a specialized platform to proactively monitor network environments 24 hours a day, 7 days a week, 365 days a year, BHI employs the highest customer support standards through skilled experts and proper training. Membership with HDI provides access to timely and valuable industry information, standards-based training and resources to better support customer service operations. Participation with HDI will hopefully bring improved operations to the company and positively affect BHI customers and their security and PCI compliance needs.
Contrary to popular belief, it really isn’t enough to become secure. If you are serious about maintaining your business for the long run, you will have to maintain security — something that is completely different. Maintaining security can get complicated in a world where new security threats are on the horizon all the time, but it’s something that can get easier if you have the right tools.
If you’re serious about securing the important assets of your business, you will need to first start by using a vulnerability assessment to spot critical holes in your infrastructure. From there, you will be able to see exactly what is insecure at the moment, and then fix those problems.
Naturally, you can also take a different approach with a vulnerability assessment by contracting an outside company to not just run the vulnerability assessment for you, but also to generate an action plan based on the report generated from the assessment. This is a great way to delegate your security tasks without worrying about having an insecure system.
No matter what path you ultimately choose, you will need to get started today by getting the vulnerability assessment and seeing if there are any critical holes in your infrastructure. Contact us today!
A Starbucks employee in Jakarta recently took it upon himself to stock up on iPods purchased with the credit card numbers of customers. According to police sources in Jakarta, the suspect reprinted daily receipts that included the credit card verification value.
While the fraudster will be prosecuted and serve time, the Starbucks franchise was storing credit card verification codes (presumably after authorization), which is one of the biggest “no-nos” in the Payment Card Industry Data Security Standard. The storage of the card verification code is prohibited, along with track data and PIN/PIN block. The franchise should and will be held accountable for storing the information post-authorization.
Franchise owners must know what data their point-of-sale system has; it is tough to safeguard or put security and operational measures in place if you are unaware of the data. If you are a franchise owner, take the initiative and do discovery on what data you have. If you are unaware of how to do this, contact your point-of-sale vendor for discovery assistance within the POS or terminal.
Security consultants can also be of assistance and search for data beyond the POS system.
I’ll take a grande latte with that 64GB iPod touch.