October Cyber Security Tips
IT Security Tip #51: Don’t just close your browser!
When you are online and accessing a banking site or any other application containing sensitive data, make sure you log out of the site and THEN close your browser. If you simply close your browser, the session is not necessarily ended, and some of the session information that a hacker can use to gain entry can remain active in the background.
IT Security Tip #52: Your firewall is USELESS unless…
A firewall is a device that acts like a security cop watching over your computer network to detect unauthorized access and activity – and EVERY business and individual needs one.
However, your firewall is completely useless if it’s not set up or maintained properly. Your firewall needs to be upgraded and patched on a continual and consistent basis, and its security policies and configurations need to be set. This is not something you want to try to handle on your own – you are best served by letting the pros (us!) handle that for you.
If you’re not covered, you should call us immediately to correct the error of your ways: 505-792-2375.
IT Security Tip #53: A WARNING if you handle, process or store client credit cards
If you handle, process or store credit cards in any manner, you are required to comply with PCI DSS, or the Payment Card Industry Data Security Standard. This is a set of LEGAL requirements you must abide by to maintain a secure environment. If you violate them, you will incur serious fines and fees.
Are you subject to them if you take credit card payments over the phone? Absolutely! If you have clients that pay you directly by credit card, you’re subject to these laws. There are various levels of security standards, but thinking you don’t process enough to matter or that “no one would want to hack us” is dangerous. All it takes is an employee writing down a credit card number in an e-mail or on a piece of paper to violate a law; and then you’ll be left with legal fees, fines and the reputational damage incurred when you have to contact your clients to let them know you weren’t properly storing or handling their credit cards.
Getting compliant – or finding out if you ARE compliant – isn’t a simple matter I can outline in a 1-2-3-step checklist. It requires an assessment of your specific environment and how you handle credit card information.
A great resource is the PCI Security Standards Council, or www.pcisecuritystandards.org. If you want assistance in figuring out if you’re compliant, call us for a free assessment.
IT Security Tip #54: You’ve been HACKED! What’s the first thing you should do?
No matter how diligent you are about security, there’s always a chance you can get hacked. That’s why you need to put a plan in place NOW to protect yourself and your CLIENTS, so damage is minimized. But what should you do if you find out you’ve been hacked?
First, contact your IT department (us) IMMEDIATELY. The faster we can address the attack – and determine the extent of the data, applications and machines compromised – the better your chances are of preventing much bigger problems. We’ll go to work on containing the attack and conducting a full scan of your network.
Based on what we discover, we may advise you to contact the local FBI office and your attorney. Your legal responsibilities depend greatly on the type of data accessed. For example, if medical, financial or other confidential records were stolen or accessed, you are legally responsible for notifying those individuals that their data was compromised (your attorney can best direct you on what you need to do and how to do it).