In the past several weeks, the news has been filled with multiple compromises and hacks. Panera Bread, Delta, and Under Armor just to name a few. One of the ones that has had the most impact is the ransomware attack on the City of Atlanta.
Nobody told you when you were tinkering with a computer as a kid that when you grew up you would be doing so much documentation, did they? Now you have an email from an auditor asking for evidence that you have documented your firewall and router configurations. In the rapidly developing world of IT security, companies such as Compass IT Compliance work with you to ensure you have proper documentation to address the growing need to achieve and maintain compliance with the latest version of the PCI Data Security Standard.
One of the biggest areas that we see attacks on is the business online banking customer. There has been a marked increase in trying to compromise these accounts, primarily to abscond with the funds within the accounts, but also to execute identity theft as well. Many of these attacks are phishing and malware attacks to gain user credentials, because the truth is that while online banking services have many security controls, not all businesses take advantage of them, and the security of the business itself can be a much better target than the financial institution.
This is the third blog in a 12-part series addressing each PCI DSS Requirement and the challenges faced by companies going through the process of becoming or maintaining compliance with the PCI Data Security Standards. Click here for our blog posts on requirement 1 and requirement 2.
PCI Requirement 3 - Protect Cardholder Data!!!
Requirement 3 is a slippery slope. Its focus is around protecting the cardholder data (CHD) you may store. This presents challenges to the business if they choose to store CHD. The simple way to comply with this requirement is DO NOT STORE CARDHOLDER DATA!! We will get to some solutions on how to avoid storing cardholder data to mitigate your risk, but if you must store this data, here are 3 tips on how to navigate this requirement:
Tax season is upon us once again. Just like every other tax year, this also marks the beginning of the annual tax season scams that bad actors use to try and steal your information or steal your money. One of the more common scams they run is they attempt to impersonate the IRS and scare you into thinking that you need to pay some type of penalty or you will go to jail. Another scam that gets attention this time of year is scammers filing tax returns on your behalf and claiming your refund. While you need to be aware of both of these scams, I am going to share with you a phishing email that I received last month that is pretty legit, but there are some tell tale signs you can use to sniff out the scam and recognize that this is no good at all.