
Improve Your Information Security with One Network Management Technique

If you’ve been in business for any length of time, then you already know the importance of information security. The concept of information security is rather straightforward — confidential information needs to stay confidential. This one single point is something that can literally make or break a company — if your customers do not feel that you’re taking the right security precautions, they may take their business elsewhere.

Yet taking care of your information security concerns isn’t as difficult as it seems at first. In fact, you can dramatically improve your information security with just one network management technique: a good access control policy.

In a nutshell, one of the biggest threats to security often stems from the wrong people having access to your confidential information. It can be completely innocent: for example, you could have users who once had the right to access certain systems but have now moved on to another project or have left the company completely. In those cases, it’s a good idea to disable their access; they no longer have any need to know that confidential information, so their access is now simply a security hole that needs to be plugged quickly.
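An access review along these lines, as an added example (not SecureConnect's own code): it compares access grants against an HR roster and flags the two cases described above, and additionally flags accounts with no HR record. All user, system and project names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    user: str
    system: str
    project: str  # project the access was originally granted for

# Constructed sample data: HR roster, user -> (status, current project).
ROSTER = {
    "alice": ("active", "billing"),
    "bob": ("active", "warehouse"),
    "carol": ("terminated", "billing"),
}

# Constructed sample data: grants exported from the systems under review.
GRANTS = [
    Grant("alice", "payments-db", "billing"),
    Grant("bob", "payments-db", "billing"),    # bob moved to another project
    Grant("carol", "payments-db", "billing"),  # carol left the company
    Grant("dave", "pos-admin", "retail"),      # no HR record at all
]

def review_access(grants, roster):
    """Return (grant, reason) pairs for access that should be disabled."""
    findings = []
    for g in grants:
        record = roster.get(g.user)
        if record is None:
            findings.append((g, "no HR record (orphaned account)"))
            continue
        status, current_project = record
        if status != "active":
            findings.append((g, "user has left the company"))
        elif current_project != g.project:
            findings.append((g, f"user moved to project '{current_project}'"))
    return findings

if __name__ == "__main__":
    for grant, reason in review_access(GRANTS, ROSTER):
        print(f"DISABLE {grant.user} on {grant.system}: {reason}")
```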

Proper access control is one network management technique that will truly pay off when it comes to strong information security practices for your company. If you put this into practice, you should have no problem getting the strong security that you’ve been looking for! In addition, this will help you better meet the PCI requirements and report successful compliance with the DSS.

Contact us for more information regarding this or any network security services!

What You Need to Know About POS Security

Every business has to keep security as a top priority in order to protect confidential information as well as the customers’ sensitive financial information. One area that needs special focus is definitely Point of Sale (POS) security. While some business owners believe that they only have to focus on online security when it comes to payment processing, it’s just as important to make sure that POS security is maintained as well.

One of the greatest factors that can improve POS security is stronger encryption. Many POS systems still use wireless technology that doesn’t integrate quality encryption. For example, one of the most common wireless protection schemes is still WEP (Wired Equivalent Privacy), which has been proven to be quite easy to bypass with consumer-level technology. It’s better to implement strong encryption for the network to make it much harder for potential intruders to invade your network in the first place. When it comes to POS security, you will also want to make sure that cardholder data isn’t stored directly on the POS controller, something that is also part of the Payment Card Industry Data Security Standard (PCI DSS).

Overall, the fight to increase POS security is not going to be solved overnight, but there are still things you and your company can do to boost security over the long term.

Contact SecureConnect to learn about how our solution helps you achieve PCI compliance and strengthen POS security.

Top Tips on PCI Compliance

PCI compliance is all about maintaining Internet and network security during the processing of consumer credit card payments. However, there are still numerous methods, although not as obvious, through which customer credit card data can be compromised. It’s just as important to protect these aspects of credit card processing as it is to protect the more high tech aspects.

For example, if you process credit cards at a storefront terminal, you will need to make sure that the full credit card number of a customer is never revealed on a receipt. This is a major breach of customer information that can come back to cost your company a great deal to fix. A common myth of PCI compliance is that it is only necessary for online transactions, but the truth is that PCI compliance regulations apply to all businesses that process credit card payments, regardless of where they are located. So that means that if you process credit cards at an open air market, you would still need to take the same steps to maintain PCI compliance as a high tech data storage corporation.

The best steps to take are often the simplest. Ensuring that customer data isn’t exposed on customer receipts and other public-facing documents is critical. In addition, employees will need to be educated on how to properly destroy customer information records after they are no longer needed.

If you follow these steps, you should have no problem staying PCI compliant from every angle.

Common Passwords to Avoid, and Best Practices for Ensuring Password Security

Unique user IDs and passwords are an important aspect of information security. They are the front line of protection for user accounts. A list recently released after a hacking incident on the photo-sharing and slideshow site RockYou.com provides insight into some of the most commonly used passwords, including:

These twenty are good examples of poor password choices. Notice, many people simply chose their first name, or common number groupings. Good password policy, however, includes much more than simply avoiding the passwords listed above. A poorly chosen password can result in the compromise of a company’s entire network. Requirement 2 of the PCI DSS states, “Do not use vendor supplied defaults for system passwords and other security parameters.” Our PCI experts at BHI SecureConnect® recommend that companies enforce strong password policies throughout their organization.

By following some simple guidelines, you can help to minimize the chance of a password breach:

  • Change user passwords at least every 90 days
  • Have a minimum password length of at least seven characters
  • Require both upper and lower case characters (e.g., a-z, A-Z)
  • Require at least one number
  • Require at least one punctuation character (i.e., !, @, #, $, %, ^, &, *)
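The guidelines above expressed as a check that could run when a password is set, as an added example (not SecureConnect's code). The function name, the first-name and number-grouping checks (drawn from the observation about the leaked list) and the sample values are assumptions of this example.

```python
import string
from datetime import date

MIN_LENGTH = 7      # "minimum password length of at least seven characters"
MAX_AGE_DAYS = 90   # "change user passwords at least every 90 days"

def policy_violations(password, last_changed, today, first_name=""):
    """Return the list of guideline violations for one password."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 7 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation character")
    # Patterns the article calls out in the leaked list.
    if first_name and password.lower() == first_name.lower():
        problems.append("password is the user's first name")
    if password.isdigit():
        problems.append("password is only a number grouping")
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("not changed in the last 90 days")
    return problems

if __name__ == "__main__":
    today = date(2010, 3, 1)  # constructed date for the sample run
    samples = [  # constructed sample values
        ("Tr4il-mix", date(2010, 1, 4), "Dana"),
        ("michael", date(2009, 11, 1), "Michael"),
        ("123456", date(2010, 2, 20), "Sam"),
    ]
    for pw, changed, name in samples:
        print(pw, "->", policy_violations(pw, changed, today, name) or "ok")
```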

Although creating a strong password is essential, maintaining its security is just as important. Never reveal passwords in messages, phone conversations, written documents, or on computer systems. Your organization should have an Information Security Policy that outlines a standard for protection of passwords.

Password Precautions

As security measures become more advanced, so do the methods used to breach them, and when it comes to password protection the arms race is escalating faster than ever. Most of us now know how to develop a password that is difficult to guess: one that uses both upper and lower case letters as well as digits. We also know to avoid phishing scams and to destroy any documents with our passwords written on them. It’s also prudent to use different passwords for different sites and accounts, so that if one password is discovered, you will have compromised your security on just one site rather than on several. If you use passwords on public computers or on other people’s computers, it’s important to ensure the browser doesn’t store the password in its memory.

Having good security software such as a firewall can also help protect your passwords, as otherwise hackers and spyware can literally ‘spy’ on your internet activity. By practicing PCI compliance, your PC should have these basic security measures in place. In many cases, these spyware programs work by recording keystrokes, which the hacker can then repeat without necessarily knowing the password. For this reason, some users take the added measure of typing the password incorrectly, clicking on the wrong character with the mouse, then deleting it. This works because the mouse can’t normally be tracked, meaning that the keystrokes alone don’t correspond to the password.




 
 
© 2010 BHI Advanced Internet, Inc. Provider of SecureConnect®. All Rights Reserved.