Blog > Archive by tag 'Internet Security'
by Kristyan Mjolsnes @ http://www.secureconnect.com . September 9, 2010 . 5:29PM
Customers at the Serious Texas Bar-B-Q restaurant were subjected to debit card fraud from a nationwide security breach earlier this year. Around 200 to 300 customers got their card information stolen from one of the four restaurant locations due to a breach in the credit-card payment system.
Serious Texas Bar-B-Q has assured guests that the problem was immediately fixed and they were not at fault, but unfortunately if the restaurant had maintained PCI compliance and implemented additional security services, it would have minimized the risk to the brand and its customers.
A solution such as SecureConnect not only protects your business and reputation but can also save owners the devastating costs associated with a data breach, which can reach over a million dollars and ultimately harm a business and its future growth. SecureConnect is a full-service solution that offers PCI compliance, numerous security features and peace of mind to merchants at a fixed monthly rate.
As breaches like this happen to businesses similar to yours, it is imperative to not only take notice but to take action. To learn more about SecureConnect and receive a free PCI consultation, contact us today!
Filed under: Customer Support, Data Security, Internet Security, PA DSS, PCI Compliance, PCI DSS, Payment Processing, Technology | Tags: Cardholder data, Franchisee PCI Compliance, Identity theft prevention, information security, Information security practices, Internet Security, Network Security, Payment Processing, PCI Compliance, PCI requirements, PCI SSC, Security and compliance, security awareness, Security best practices, Security Breaches, Vulnerability scan
by Blake Huebner @ . September 1, 2010 . 4:30PM
Step 1 – Cut a hole in the box….
As a recent former PCI QSA (Qualified Security Assessor), it really frustrates me how many products out there claim they will make you PCI compliant.
Directly in our market space, we have organizations claiming 90%+ compliance out of the box or compliant in xx days. Honestly, this is such a marketing gimmick. But customers fall for it.
Let’s take a look at both of these scenarios:
1. 90%+ compliance out of the box.
Let’s assume there is a PA-DSS application in place and no web facing applications. The customer is a SAQ D, which is pretty typical. Requirement 9 is primarily concerned with physical security. With 26 questions in Requirement 9, and 222 questions in a SAQ D, one is already at 88% for the starting point. So you are indicating, as a remote service provider, you are able to classify and shred data and distribute and surrender badges, all without a physical presence? Really? We haven’t even addressed requirement 12 yet. Unfortunately, those that are not in the know believe this propaganda.
2. Compliant in xx days
A service provider cannot guarantee compliance in xx days. First, there are too many variables to implementation, mainly the customer itself. If a customer drags their feet on initiatives beyond a service provider’s control, there is no way to meet the timeline. In addition, compliance for PCI is not a point in time; PCI must be “operationalized”. The SAQ and ASV scans are point in time validation points, but a merchant must maintain this throughout the year.
This type of marketing makes our industry look bad as a whole. As a merchant, you are not becoming more secure with the claims that some service providers are making. While they may offer a decent solution, do not have the expectation that these service providers are the silver bullet. Service providers can assist in compliance but it is the merchant that is responsible for their own compliance. Don’t choose a solution just so you can check a box once a year. As a merchant, be concerned with having a secure environment and compliance will follow. In the long run, your organization will be better off.
Now back to my SNL short viewing.
Filed under: Data Security, Internet Security, PCI Compliance, PCI DSS, PCI SAQ | Tags: Information security practices, Internet Security, Network Security, Payment Card Industry, payment cards, Payment Processing, PCI, PCI and QSR, PCI Compliance, PCI DSS, PCI requirements, PCI SSC, SecureConnect, Security and compliance, Security best practices
by Kristyan Mjolsnes @ http://www.secureconnect.com . August 26, 2010 . 1:01PM
Internet security is forever evolving to keep up with the changing trends and threats to protect valuable data. Reports such as Cisco’s 2010 Midyear Security Report, the Verizon Business Security 2010 Data Breach Investigation Report and the McAfee Security Journal Summer 2010 issue have recently released some top issues to be on the lookout for.
1. Increased collaboration leaves bigger gaps for information to slip through.
As several new outlets for accessing information, such as mobile devices, become more popular, remember to keep a strict policy on who should be allowed specific information and how it should be used, stored and protected.
2. Fundamental security basics are not continually applied.
While companies are always looking for future security tools, they are not always renewing the basics to have a strong foundation. Verizon stated that 64% of breaches could have been prevented through “simple and cheap” countermeasures while another 32% of breaches could have been prevented with “intermediate solutions.” Some recommendations to get back to a strong security core are closing gaps in situational awareness, focusing on solving old issues, and educating employees on security.
3. Be on the offense!
The typical security border is no longer effective against modern-day hackers. To be proactive in security, companies must offer a wider range of techniques such as reinforcing core strengths and being able to adapt sound practices to a changing environment. An organization must decide what proactive practices are right for them and their information before implementing any changes.
While an organization may not have the tools and internal resources to manage these evolving changes on its own, SecureConnect provides a comprehensive solution to help address these security concerns and minimize the risk of a data breach. Remember that taking on the costs of specialized security will be an investment in customers, company and brand.
Contact us today to secure your business!
Filed under: Data Security, Internet Security, PCI Compliance, PCI DSS, PCI SSC, Payment Processing, Technology | Tags: Cisco’s 2010 Midyear Security Report, Franchisee PCI Compliance, Information security practices, Internet Security, McAfee Security Journal, Network Security, Payment Card Industry, Security and compliance, Security best practices, Verizon Business Security 2010 Data Breach Investigation Report
by Todd Mortenson @ . August 11, 2010 . 11:37AM
Focused on providing outstanding service and support to its growing customer base, BHI SecureConnect is pleased to announce its membership with HDI, the world’s largest training and certification association for technical support professionals. BHI is confident that active participation in HDI will help further develop its support team and promote a higher degree of customer service that the company strives for on a daily basis.
Having developed a specialized platform to proactively monitor network environments 24 hours a day, 7 days a week, 365 days a year, BHI employs the highest customer support standards through skilled experts and proper training. Membership with HDI provides access to timely and valuable industry information, standards-based training and resources to better support customer service operations. Participation with HDI will hopefully bring improved operations to the company and positively affect BHI customers and their security and PCI compliance needs.
Contact us today to learn more!
Filed under: Customer Support, Data Security, Internet Security, PCI Compliance, Technology | Tags: HDI and BHI Advanced Internet, HDI and SecureConnect, Help Desk Institute, Information security practices, Internet Security, Network Security, PCI, PCI Compliance, SecureConnect, Secureconnect customer support, SecureConnect support, Security and compliance, Security best practices
by Kristyan Mjolsnes @ http://www.secureconnect.com . August 10, 2010 . 5:10PM
Contrary to popular belief, it really isn’t enough to become secure. If you are serious about maintaining your business for the long run, you will have to maintain security — something that is completely different. Maintaining security can get complicated in a world where new security threats are on the horizon all the time, but it’s something that can get easier if you have the right tools.
If you’re serious about securing the important assets of your business, you will need to first start by using a vulnerability assessment to spot critical holes in your infrastructure. From there, you will be able to see exactly what is insecure at the moment, and then fix those problems.
Naturally, you can also take a different approach with a vulnerability assessment by contracting an outside company to not just run the vulnerability assessment for you, but also to generate an action plan based on the report generated from the assessment. This is a great way to delegate your security tasks without worrying about having an insecure system.
No matter what path you ultimately choose, you will need to get started today by getting the vulnerability assessment and seeing if there are any critical holes in your infrastructure. Contact us today!
Filed under: Data Security, Internet Security, PCI Compliance, PCI DSS, PCI SSC, Payment Processing | Tags: Identity theft prevention, information security, Information security practices, Internet Security, Network Security, Outsourcing PCI compliance services, Payment Card Industry, payment cards, Payment Processing, PCI, PCI and QSR, PCI Compliance, PCI DSS, PCI Education, PCI requirements, PCI SSC, SecureConnect, Security and compliance, Security best practices, Security Breaches