Compass IT Compliance Blog

PCI Compliance Requirements – January 31st is Quickly Approaching


Back in April of 2016, the latest version of the PCI Data Security Standard, version 3.2, was released. This release brought many changes to the PCI compliance requirements compared with the previous version, many of which we outlined in our April 2016 webinar. That release was 21 months ago and remains the most recent revision of the PCI DSS. If the release was almost two years ago, why are we talking about it again now?

What is My Password? How About a Passphrase Instead?

Recently I met with a doctor who had as much paper with fancy lettering framed on the wall as any one person could want. With all that impressive education looking down upon me, I watched as the doctor fumbled through password attempt after password attempt until ultimately, and predictably, being locked out. Frustrated at not being able to access the information we needed for the meeting, the doctor, again predictably, mentioned that he had been forced to change his password not even an hour earlier but had forgotten to update the sticky note under his keyboard. This scene is all too familiar to IT support staff and end users alike. How do we keep this from happening in the future, and keep sticky notes out of the picture?

The PCI Compliance Checklist - A Tool to Help You Monitor Your Compliance


Let’s face it, achieving PCI compliance can be challenging. Maintaining compliance with the latest version of the PCI Data Security Standard, however, can be even more difficult. As part of the PCI compliance process, there are many different things an organization must do throughout the course of the year to satisfy the PCI Security Standards Council and the payment card brands. If you fail to complete the requirements outlined by the PCI Security Standards Council, several things could happen:

Ransomware Examples - Locky is Back and Worse Than Ever!

For a period of about 18 months, ransomware dominated the information security news. Companies of all sizes and verticals were under attack by cybercriminals looking to make a quick buck, or a lot of bucks in some cases. Then, all of a sudden, ransomware went quiet and we didn’t hear about it as much. There are numerous possible reasons for that lull. One popular theory is that these cybercriminals were further developing their malware to make it more effective. The introduction of Ransomware-as-a-Service (RaaS) has complicated matters further, as cybercriminals buy “older” versions of the malware, “improve” upon it, and then blast it out to everyone. Ransomware is a game of cat and mouse: cybercriminals create a version that is effective for a short time, and then the information security world catches on and either finds a flaw in the malware’s encryption that lets victims recover their files without paying, or updates anti-malware systems, email gateways and anti-virus programs to identify the malware and reduce the chance of it reaching our systems.

Bluetooth Security - What You Need to Know About the BlueBorne Attack

Think about how much we use Bluetooth daily. Whether we are connecting our smartphones to a wireless speaker, to our car to make hands-free calls, or to our Apple Watch, we use Bluetooth very frequently. In the world of information security, the more widely a technology is used and integrated into day-to-day routines, the more cybercriminals focus on ways to “hack” it so they can do what they do best: steal your information or compromise it in some other way.