October 28, 2009
A thief recently stole credit card numbers from a local pub at the corner of 151st and Metcalf. The owner of the pub is worried that this event will cost him customers and ultimately put him out of business. In my opinion, events like these are only going to become more prominent and cause more small businesses to be shut down unless they start to take their security seriously and prevent these attacks from happening.
June 16, 2009
It occurred to me that many business owners out there might not be aware of what they have to do to be compliant with the PCI DSS (PCI Data Security Standard). Not only will complying with the standards make your network more secure, it will help you avoid fines if you do suffer a breach. Fines for violating the PCI DSS can be stressful on your business and should be avoided at all costs. As published on the PCI Security Standards website, the six main steps to PCI DSS are:
1. Build and Maintain a Secure Network
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy
For more information on PCI DSS go to https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
June 15, 2009
There was an article in the Kansas City Star today that discussed the risks each time a retailer swipes your credit card or you enter your payment information online. According to the article, “over 70 retailers and payment processors have disclosed breaches since 2006.” A bigger problem is that there are also many retailers and payment processors out there who have suffered a breach but aren’t aware that a breach occurred. These breaches are occurring at all types of businesses, and most of the businesses that have suffered breaches were PCI compliant. According to www.datalossdb.org, breaches have recently occurred at large name retailers Sony, Batteries.com, and Sprint Nextel. As I have said previously on this blog, most businesses in the United States have very minimal network security. The article goes as far as saying, “the [security rules] are cursory at best and all but meaningless at worst.”