
Spot Critical Holes in your Infrastructure with a Vulnerability Assessment

Contrary to popular belief, it really isn’t enough to become secure. If you are serious about maintaining your business for the long run, you will have to maintain security — something that is completely different. Maintaining security can get complicated in a world where new security threats are on the horizon all the time, but it’s something that can get easier if you have the right tools.

If you’re serious about securing the important assets of your business, you will need to first start by using a vulnerability assessment to spot critical holes in your infrastructure. From there, you will be able to see exactly what is insecure at the moment, and then fix those problems.

Naturally, you can also take a different approach with a vulnerability assessment by contracting an outside company to not just run the vulnerability assessment for you, but also to generate an action plan based on the report generated from the assessment. This is a great way to delegate your security tasks without worrying about having an insecure system.

No matter what path you ultimately choose, you will need to get started today by getting the vulnerability assessment and seeing if there are any critical holes in your infrastructure. Contact us today!

Passwords and Pepperoni

Hell Pizza, a New Zealand-based pizza chain, recently sent out an email to its 230,000 customers asking them to change their passwords. They believe that they have suffered a breach, but cannot yet identify the attack vector (this could be a rogue employee or a poorly designed website).

While I applaud Hell Pizza for notifying their customers, since web users typically use the same email and password for websites they authenticate to, they didn’t adequately protect the information to begin with. According to sources at risky.biz, the hackers have obtained private information including passwords, email and home addresses and phone numbers, in addition to order information. Apparently, no cardholder data was obtained.

Merchants are continually trying to enhance the user experience by offering such services as online ordering. However, this can be a disservice to your customers if not properly implemented, as in the case of Hell Pizza. Developing a web site with insecure coding is a poor way to conduct business.

While representatives from Hell Pizza indicated that cardholder data wasn’t breached, it would seem likely that the online payment card flow would put their servers in scope for PCI. Vulnerability scanning, as conducted by an ASV (of which BHI SecureConnect is one), should have shown the SQL injection vulnerability (as reported by risky.biz). In addition, validation by completing the Self-Assessment Questionnaire would indicate that one cannot provide direct database access from the internet (MySQL was reportedly listening on the public side), among many other violated requirements.
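The database-exposure point above can be checked on a host by auditing its listening sockets. The following is an added example, not code from the original post or from SecureConnect: it parses `ss -ltnH` output and flags database listeners bound to anything other than loopback. The sample output is constructed, and the port list (which goes beyond MySQL) is an assumption of this example.

```python
import ipaddress

# Ports treated as database listeners (assumption made for this example).
DB_PORTS = {3306: "MySQL", 5432: "PostgreSQL", 1433: "MS SQL Server"}

# Constructed sample of `ss -ltnH` output: State Recv-Q Send-Q Local Peer
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 511 *:443 *:*
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 80 [::]:3306 [::]:*
LISTEN 0 80 [::1]:1433 [::]:*
LISTEN 0 80 203.0.113.10:3306 0.0.0.0:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, '*', or bracketed IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def is_loopback_only(addr):
    """True only when the bind address is a loopback address."""
    if addr == "*":
        return False  # wildcard bind: every interface
    addr = addr.split("%")[0]  # drop an interface scope such as %eth0
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: fail closed and report it

def exposed_db_listeners(ss_output):
    """Return (service, address, port) for DB ports bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = split_endpoint(fields[3])
        if port in DB_PORTS and not is_loopback_only(addr):
            findings.append((DB_PORTS[port], addr, port))
    return findings

if __name__ == "__main__":
    for service, addr, port in exposed_db_listeners(SAMPLE_SS_OUTPUT):
        print(f"{service} listening on non-loopback address {addr}:{port}")
```

A flagged listener is not necessarily reachable from the internet, since a firewall may still block it; each finding is a prompt to confirm the bind address and the filtering in front of it.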

Hell Pizza should have conducted due diligence in assessing their security posture and, if in scope for PCI, they have a contractual obligation to fulfill the PCI requirements.

This should also serve as a lesson for consumers not to use the same password for all the websites that they access. A breach could potentially allow access to online banking and other personal records. Use a password database, such as the open source (i.e., free) KeePass Password Safe, to keep your passwords safe and straight.

Making POS Security an Absolute Truth

One of the most important keys of a retail establishment is the point of sale (POS). Indeed, maintaining a POS is one of the biggest factors in how much growth you can expect in the company. After all, if you aren’t able to generate sales, you can’t move your company forward.
 
Yet maintaining a POS is more than ensuring that the system is actually turned on. You will need to make sure that your system is actually updated properly and that POS security is maintained at all times. If your system can be compromised, it could pose serious consequences for your business from numerous directions.

Thankfully, it’s quite possible to build a strong POS security plan that’s actually realistic. The focus here is to make POS security an absolute truth within the organization, to the point where no one can look at your system and see that you don’t have the right security policies in place.

To pull that off, you may want to bring in an external company that can use their expertise in credit card security as well as POS security to ensure that you are well protected. If you take this route, you will definitely be well on your way to making POS security truly an absolute truth within your organization — get started today!

Are You Really Meeting the PCI Requirements?

When it comes to security, there are really only two types of people: those that get security and regard it as a high priority, and those who don’t. While it’s true that most people know that security is definitely an important issue, the truth is that there are also many people who don’t understand its importance and do not really do what it takes to make sure that they are covered.

With PCI compliance becoming the de facto standard for protecting cardholder data, it’s more important to actually implement the PCI requirements fully than to just go through the motions.

After all, the penalties of a security breach when your company was not PCI compliant can actually be very sharp. It’s better to make sure that you really do have the right PCI requirements met in the first place — it’s just cheaper that way.

However, you certainly don’t have to make the journey on your own. In fact, you can actually contract the services of an outside security firm that can handle getting all the PCI requirements in place for you, as well as helping you install solutions that make the process quite seamless.

So, are you really meeting the PCI requirements? There’s really only one true way to find out — get an outside company to check out your network from top to bottom; it just makes sense!

Contact us today!

PCI Roadmap: Smoothie King’s Top Network Security Tips

In a feature article from Hospitality Technology, Russell Dardenne, IT Business Solutions Analyst for Smoothie King, shares his top suggestions for safeguarding network environments. Sharing the brand’s approach to network security and PCI compliance, Dardenne highlights SecureConnect as a necessary partner in the process.

An excerpt from the article:

The term “Security Breach” is a big, bad phrase that no restaurant brand wants to hear in the same breath as its own name. The real worry, however, lies in the effects a breach can have weeks, months and even years after the fact. The Smoothie King brand has confronted the challenges of network security and PCI compliance with the help of the PCI experts at BHI SecureConnect. Laying a foundation for its franchisees to follow, the company has identified some of the most important ways restaurant operators can safeguard their network environments.

Read the article from Hospitality Technology.

Learn more about PCI compliance solutions from SecureConnect.

© 2010 BHI Advanced Internet, Inc. Provider of SecureConnect®. All Rights Reserved.