by Felicien | Nov 2, 2020 | Education
What Is PCI Compliance?
You’re probably reading this because you looked up information on PCI compliance. This article explores how you can meet PCI requirements and secure your clients’ sensitive cardholder data.
Today’s business world is highly regulated, and while this has its upsides, there is a great deal of pressure on businesses to stay compliant with all the relevant standards. If your business processes, stores, or transmits credit card information, you need to ensure you meet all the PCI requirements.
PCI non-compliance poses a frightening host of risks such as:
Compromised data that can harm your clients and business
A severely damaged brand image
Account data breaches that could result in lower sales, and destroyed relationships
Lawsuits, government fines, insurance claims, payment card issuer fines
If you aren’t PCI compliant, don’t panic just yet. Our team has assembled this article to share what you need to start your journey towards PCI compliance. Let’s first define some important terms.
What Is PCI Compliance?
The Payment Card Industry Data Security Standards (PCI DSS) is a set of requirements designed to create a secure data environment for any business that processes, stores, or transmits credit card information. It’s a legal requirement and assigns two compliance levels for service providers (third-party vendors) and four for merchants (brands). Behind its launch in 2006 was the need to manage PCI security standards and bolster account security throughout the transaction process.
What Is PCI DSS?
The PCI Security Standards Council (PCI DSS) is an independent body that administers and manages the PCI DSS. It was created by Visa, MasterCard, American Express, JCB, and Discover. However, the responsibility of enforcing compliance falls on the payment brands and acquirers.
How Can You Achieve PCI Compliance?
PCI compliance involves consistently adhering to the PCI Security Standards Council’s guidelines (PCI DSS). PCI DSS has the following six major objectives:
Maintain a vulnerability management program
Build and maintain a secure network and systems
Regularly monitor and test networks
Protect cardholder data
Maintain an information security policy
Implement strong access control measures
Apart from 78 base requirements and over 400 test procedures, PCI compliance also has 12 key requirements.
What Are the 12 Key PCI DSS Compliance Requirements?
Use and Maintain Firewalls: Firewalls are highly effective in preventing unauthorized access to private information.
Proper Password Protections: We recommend keeping a secure device/password inventory and implementing basic precautions like regularly changing passwords.
Protect Cardholder Data: Encrypt data and perform regular scans to ensure that no unencrypted data exists.
Encrypt Transmitted Data: Even data sent to known locations needs to be encrypted.
Use and Maintain Anti-Virus: This is required for all devices that interact with primary account numbers (PAN).
Properly Updated Software: This includes firewalls, antiviruses, and any other piece of software.
Restrict Data Access: Cardholder information should be exclusively “need to know.”
Unique IDs for Access: These enhance security and reduce response time in case data is compromised.
Restrict Physical Access: Cardholder data needs to be kept in a secure physical location and access locked.
Create and Maintain Access Logs: You must document any activity involving cardholder information and PAN.
Scan and Test for Vulnerabilities: This will help you identify potential weaknesses at any stage of your compliance efforts.
Document Policies: Everything needs to be recorded, from equipment to software to authorized employees to access logs, and so on.
Need Reliable IT Support with PCI Compliance?
Our experienced team is eager to help your organization achieve PCI compliance and safeguard your sensitive cardholder data.
Contact us now to schedule your first PCI compliance consultation.
by Felicien | Oct 25, 2020 | Education
Getting Started With Microsoft Teams?
What drives workplace performance? A few years ago, a Stanford study published in the Journal of Experimental Social Psychology suggested that workplace performance was driven by collaboration. In fact, just the thought of collaboration was enough to improve performance. One interesting statistic: 64% of employees working collaboratively had higher success rates than those working independently.
So, what drives successful collaboration? It’s the people collaborating as much as it’s the program used to facilitate collaboration. A program that cultivates different ways to communicate, share, and grow is fundamental to success. Microsoft Teams has been proving to be critical to this end. Here’s how you get started using it.
What Is Microsoft Teams?
Microsoft Teams is a Microsoft 365 tool that allows you to meet, chat, call, and collaborate with anyone and everyone in the workplace and beyond. Microsoft Teams is more than a collaboration tool; it is an inclusive program with tools to create “teams” of people and content. It’s where Slack and Zoom meet, plus much more.
Though Microsoft Teams is rather new, launched in 2017, its growth has been exceptional––a testament to its unique and handy features. The number of daily active users, according to Statista, has doubled this year, “from 32 million users on March 12, 2019, to 75 million as of April 30, 2020.” Part of the growth is driven by the coronavirus pandemic but much of it, too, is simply based on the quality of the program.
How Do You Get Started with Microsoft Teams?
To get started with Microsoft Teams, you must be a cloud-based Microsoft 365 suite customer––the program is included free of charge though you can upgrade it for a fee and receive much more in the way of features.
An Overview of the Free Version of Microsoft Teams
The features included in the free version of Microsoft Teams include:
The ability to involve up to 500,000 members (per organization)
File storage of up to 2 GB per user and 10 GB of shared storage
The ability to allow guests access to the program
Person-to-person and group online audio and video calls and channel meetings
Unlimited chat messaging
Unlimited searches
Background blur on video calls (to protect privacy)
Channel meetings––these are the groups you create
The ability to share screens during video conferences and chats
The ability to schedule meetings
Microsoft Teams is also thoroughly integrated with most other Microsoft Programs, including Word, Excel, PowerPoint, SharePoint, OneNote, Planner (Tasks), Microsoft Lists, and Power BI. So, if your company already benefits from Microsoft 365 (or wants to start benefiting from it), it’s time to start incorporating Microsoft Teams.
An Overview of the Paid Version of Microsoft Teams
The paid version of Microsoft Teams includes all of the above and much more.
Scheduled meetings that are integrated with your company’s Exchange calendar
The ability to involve potentially unlimited members with an enterprise license
File storage of up to 1 TB per user
The ability to record the meeting (available with Microsoft Stream)
The ability to make phone calls and/or audio-conferencing
The ability to host online events for up to 10,000 participants
Cool first line worker features, like Shifts, Walkie Talkie, and more
A set of useful administration tools, like:
Tools to manage users and apps
Usage reporting for Microsoft 365 services
99.9% financially-backed SLA uptime
User settings that are configurable and customizable.
24/7 phone and web support
Additional compliance and security features
Recommended Steps to Get Started with Microsoft Teams
You may be anxious to get started with Microsoft Teams today and, as a consequence, may want to ditch the other programs you have. But you should roll out the new program with a plan, not as a knee-jerk decision.
It’s recommended that you:
Prepare to sample Microsoft Teams by preparing your network, including licenses for all participants and configurations for your Microsoft 365 or Office 365 domain, Exchange Online, SharePoint Online, and OneDrive for Business.
Create a few teams and channels (two or three). For the sake of clarity, a team is the group of people assigned to one goal while a channel is the collaboration space within the team where members get the work done.
Select a small group of people to use these teams and channels.
Install both the desktop and mobile applications so that both experience and feedback are comprehensive.
Monitor the members’ usage and analyze their feedback.
Create a plan based on this data to roll out the program to everyone in the organization.
Starting small means you can “test” it out on certain members of your company and get a good feel for the program and all that it has to offer. This process will provide insight not only into how Teams works but also into how to deploy the program across the whole of your company.
Why Choose Microsoft Teams?
It’s not about choice but about performance. Today, we need tools that are functional, strategic, and cost-effective. Microsoft Teams offers these things and more. For example, rather than having to spend all morning sorting through emails that are related to a number of different projects, Teams cuts out this mindless work for you by sorting information into the appropriate channels, so all messages related to the one project are already there within the work station of that one project.
Also, as workspaces diversify and grow, Teams promotes transparency. It can be a huge challenge to keep all employees, or the relevant employees, updated on what’s going on, whether organization-wide or project-specific. Teams keeps everyone in the loop and minimizes the need for excessive and redundant emails. As such, employees can focus more on getting work done than on spending time trying to figure out how to get the work done. Teams is essentially a way to optimize productivity.
To get started on Microsoft Teams, get Microsoft Office 365. If you already have it, then download the program and start implementing the benefits of it today.
by Felicien | Oct 20, 2020 | Education
New and heightened digital threats develop every day, and having standard security software may not be enough to protect your personal data and business from exploitation by malware attacks. Businesses across industries are vulnerable to new attacks, as much security software lags behind. Hackers work around the most common security platforms to find new ways into systems and gain access to all sorts of information, and the only way to ensure that you are as protected as possible is to work with an IT expert who knows how to take the preventative measures to keep up with the latest malware developments.
One of the latest bugs causing a lot of damage to businesses is a vulnerability in the Microsoft-based cloud office platform, Microsoft 365. This platform allows businesses to push their productivity almost entirely online, giving employees access to their data from literally anywhere in the world while still collaborating in real-time. The use of cloud platforms allowed businesses to stay productive during the 2020 shutdown. Their use has grown exponentially in popularity as everyone from law firms and doctors’ offices to schools has shifted as much business as possible over to the virtual platforms.
Hackers recently exploited a bug present in the multi-factor authentication system for access into the Microsoft 365 platform, which meant that there was a somewhat easily accessible back door into the otherwise secure cloud system. There is a lot of damage done when a hacker can get access to your business or personal data. Information can be stolen or deleted, which could lead to costly repairs as you spend time re-collecting data or ensuring that your employees and clients are protected from additional attacks on their finances and identity based on the type of information accessed by the hackers.
System flaws happen, and typically patches are issued to fix bugs that may allow hackers into programs, especially in the case of well-funded, popular programs like those owned by Microsoft. However, that doesn’t mean that there isn’t a chance of an attack before that patch is issued. Also, if your employees aren’t receiving guidance on keeping up with regular updates and maintenance on their work computers, they could be putting everyone at risk, as those updates are how patches are installed. A single point of access through an outdated computer can allow hackers to access all sorts of data.
In the case of the latest vulnerability that impacted Microsoft 365, the issue was present in WS-Trust, an OASIS standard that delivers security extensions and is used to renew and validate security tokens, thus ensuring identity. A bug in this system could be disastrous, allowing security tokens and identity to be easily manipulated and letting hackers in. The attacker could easily access mail, files, data, contacts, and more, depending on the amount of information stored on the cloud.
Working with a strong IT support team is the best way to ensure that you are protected from the latest developments in malware. Keep your computers up to date and your employees knowledgeable on the best ways to stay protected by having a strong IT support team to rely on.
by Felicien | Oct 11, 2020 | Education
What Exactly Is NIST?
No matter what industry you work in, chances are you’ve encountered the term NIST at one time or another.
It’s most often used in relation to technology and, specifically, in relation to cybersecurity.
Like many things related to these fields, NIST is both complicated and simple. It’s complicated because you have to have a bit of background to fully understand what it represents. It’s simple because once you understand this background, NIST actually makes a lot of sense.
What Is NIST?
NIST is a federal agency within the United States Government (specifically, the U.S. Department of Commerce). The acronym stands for National Institute of Standards and Technology.
As an agency, NIST was founded by Congress in 1901. Basically, it was established as a way to standardize and promote competitiveness within the fields of science and technology in the U.S. A simultaneous mission was to promote the harnessing of science and technology to improve quality of life in the U.S. and protect our economic security.
What Does NIST Have to Do With Cybersecurity?
Essentially, the National Institute of Standards and Technology has its hands in many areas of industry. But more recently — from the late 20th century up until today — it has particularly impacted how we create, use, and disseminate technology.
As computers and the Internet became more ubiquitous in recent decades, it became apparent to the government that some standardized practices needed to be established. NIST became the authoritative body that would create and disseminate these standardized practices.
According to the NIST website, “Congress has given NIST responsibility to disseminate consistent clear, concise, and actionable resources to small businesses.” That goes for all other sizes of businesses too.
In addition, NIST standards generally apply to all industries. Most importantly, where cybersecurity is uniquely concerned, NIST 800-171 was created to control unclassified government information that is being stored and/or handled by non-governmental organizations.
What Is NIST 800-171?
NIST 800-171 is a special publication that was created and is mandated by the National Institute of Standards and Technology. The goal of this publication is to maintain uniformity in how organizations handle data — especially sensitive government data.
Both small to mid-sized businesses and large enterprises should know about NIST 800-171. As a business owner or C-level executive, it’s important that you, specifically, know about it. And if you work with the federal government — either directly or indirectly — it’s absolutely critical that you know about it.
Essentially, any business that works with the government or with government information needs to be NIST 800-171 compliant. But even companies that don’t work directly or indirectly with government information can find it useful as well.
Here are the basics:
Special publication NIST 800-171 was created to protect something called “Controlled Unclassified Information.”
What is “Controlled Unclassified Information,” you ask?
Controlled Unclassified Information, or CUI, is information that is relevant to the federal government but not necessarily classified. A good example would be legal documents or technical drawings of government projects.
This is important information to keep secure, and though it is not technically “classified” and doesn’t include “state secrets,” the government has an interest in protecting it and making sure it doesn’t fall into sinister hands.
How Does a Business Stay Compliant With NIST 800-171?
We’re not going to tell you that it’s impossible to stay compliant with NIST 800-171 on your own — without the help of a managed service provider.
However … it’s much harder.
NIST compliance is not simple.
First, you have to know which information is CUI and where it is located (all copies). You then have to classify and categorize that information. After that, you have to limit access to the CUI so that only authorized workers can see and use it. You also have to encrypt it.
Once that’s done, you should implement a system of monitoring to ensure that all CUI access dates and times are logged. From there, you need a system of training that can educate your employees on all of this information and how to reduce the risk of CUI access across the board.
Interested in Discovering More About How to Stay NIST Compliant?
As we said, NIST 800-171 compliance is not simple.
It’s far easier to have a managed service provider handle it for you. If you already work with an MSP you trust, talk to them about NIST compliance. If not, get in touch with a reputable MSP in your area today. Managing your NIST compliance is something that shouldn’t wait.
by Felicien | Oct 10, 2020 | Education
Exactly a year ago today, no one would’ve thought that this many people would be working from home.
Yet, here we are.
The numbers are truly astounding. In June, the estimate was that 42% of the United States’ labor force had transitioned to full-time at-home work.
For a while, most of us thought it would only last for a few weeks … maybe a few months.
Now, it’s been half a year. And many people are beginning to ask themselves: Is there an end in sight to the working-from-home-economy?
A recent survey of 317 finance leaders and CFOs in the United States says no.
Will Working From Home Be a Permanent Transition for the Labor Force?
The survey, performed by Gartner Inc., has revealed that 74% of the surveyed leaders intend to permanently shift at least some of their employees to remote work. After all, there are many advantages to employees working at home — both for employers and employees.
Some businesses had already noticed these benefits and were already making a slow transition to this employment style. Google, for example, would often let their employees do some of their work at home. The rise of the gig economy allowed freelancers to essentially start their own businesses by finding clients on their own or going through brokers like Fiverr.
Now, the pro-work-at-home mentality is on fast-forward.
If you’ve been thinking about transitioning some of your employees to permanent at-home work, there are some things you need to know. Most notably, you’re going to need to step up your IT game, as you will be relying even more heavily on technology and your IT support provider.
Here are several questions you should be sure to ask yourself as you go about this shift.
1. Are we backing up?
Every business needs to back up their data. It needs to be backed up properly, often, and securely. With the proper backup solutions, even if someone accidentally deletes a file, you’ll have it duplicated somewhere else. More importantly, though, you’ll have security knowing that even if a security breach occurs, it can’t break your company entirely.
2. Do our employees know how to avoid a security breach?
Most breaches in security happen through employees. Often, phishing emails are the culprit. Your IT company should help you train your employees so that they know exactly how to avoid falling victim to a phishing email scam. Moreover, you need to teach them what to look out for and where to go if they do see something that makes them suspicious.
3. Who has access to which files?
Often, when employees work in only one area and only access networks and data storage through clean and secure access points, upper management doesn’t really confine file access. Not only should this change even if all of your employees are still working in your brick-and-mortar space, but it should definitely change now that more employees are working at home.
Whether you like it or not, many employees will be using unsecure networks and devices that do not have the proper security to keep your files safe. Therefore, you need to start limiting the number of employees with complete access to all of your data.
4. Do we have multifactor authentication enabled?
Multifactor authentication makes passwords more secure. Inevitably, you and your employees will be using passwords every day, all day. You probably have multiple passwords that you use interchangeably between home and work.
First of all, it’s important not to reuse passwords. You should have a new password for every account that you have. This goes for you, all other upper management employees, and other workers.
Second, multifactor authentication should be enabled wherever possible. This ensures security for all of your accounts and data because it requires that the individual enter both their password and a second proof of identity into the login fields when logging into a given account or device.
Which Is Better: In-House IT or Outsourcing IT to a Managed Service Provider?
All companies will have different needs concerning their IT. For some companies, having in-house IT support has historically been the best option. It allows IT workers to be there on-demand, and in-house relationships can be formed between the IT department, upper management, and workers at large. In some cases, in-house IT is absolutely necessary, even now.
For the vast majority of companies, however, the updated circumstances of 2020 have proven the value of outsourcing IT to a managed service provider. Not only are MSPs already “at-home workers,” in effect, because they aren’t directly in your employ, but they’re also used to working outside of the clients they serve.
They have all of the proper channels set up for you to communicate effectively with them at any time. In some cases, managed service providers can offer even better on-demand service as they are often available 24/7 to answer your questions or address concerns or security breaches.
One thing to keep in mind is that well-managed service providers are being nabbed up fast. Organizations across the U.S. are quickly realizing that they need reliable IT service and enhanced support for the new systems and subsequent risks that have been presented during this time of COVID-19.
Find your reliable and trustworthy managed service provider today, and start building a relationship that you can grow into. Despite these challenging times, your business still has the opportunity to grow and prosper. The right technology and the best IT support will help.
by Felicien | Oct 3, 2020 | Education
Exciting New Features Found In Microsoft Teams
It feels like an understatement to say that 2020 has ushered in a “new normal” in the workplace, and it’s undeniable that this year has fundamentally changed the way we use business tech tools. Microsoft Teams is just one example of a platform that seems perfectly poised for this moment. Offering a suite of professional collaboration tools, including video conferencing and document sharing, Teams also has robust security protections baked right into the design. Not sure if Teams is right for your team? Read on to get the details on the latest features available in Microsoft Teams:
Multi-Factor Authentication. We’ll get right to the heart of the matter; with more work happening online than ever before, it’s essential to have powerful security measures in place. While Multi-Factor Authentication (MFA) may not spark immediate delight and interest from front line workers, tech managers must encourage consistent utilization of these tools–and Microsoft Teams makes it easy to do so. In short, MFA simply requires more than a password to connect to your integrated Microsoft account. Users are prompted to provide this authentication via text message, a dedicated authenticator app, or by pushing a button on their machine. This additional step for cybersecurity protection is well integrated into Microsoft Teams, which makes changing the culture around security at any workplace easier to execute.
Video Conferencing Updates. Microsoft recently published a report on the “future of work” that highlights several key trends. Among them, video conferencing burnout is a real concern affecting productivity and remote worker engagement. In response, the latest Teams updates include several options to make the video conferencing experience more akin to connecting in person. These updates include:
Large Gallery view. Once limited to displaying just 9 participants, the latest Teams updates include the ability to show up to 49 participants at a given time using the “Large Gallery” mode.
Dynamic view. Offering interactive tools like virtual hand raising and the ability to adjust the size of various video feeds to maximize the use of the screen, this tool is especially helpful for longer meetings or presentations that focus on a few speakers and/or those using the screen share tool.
Together mode. When this view is activated, Teams users will see other meeting participants as if they are sitting together in spaces such as an auditorium or coffee shop. As an article in Business Standard puts it, this display is more than just a fun alternative to the typical square display. It’s specifically “designed to help people feel connected and, thereby, reduce meeting fatigue.”
Whiteboard. A new tool that seems to hint at the possibility of additional collaboration features in the future, the whiteboard update allows Microsoft Teams users to collaborate in real-time, even if they don’t have a touch screen. The use of “sticky notes,” plus drag and drop functionality, allows greater participation from multiple users on projects that can’t come to life over email alone.
Making the most of remote work and collaboration opportunities means finding ways for colleagues to authentically connect and keep shared work protected from data breaches. Microsoft Teams appears to be dedicated to constant improvement on both of these fronts, making their latest Office product a great go-to, with enough flexibility to engage employees who are working from home, as well as those on-site. The key to successful integration is to lead with the security features like Multi-Factor Authentication first; once the organization’s data is truly safe, real work can begin.