Many organizations have been preparing for January 1st, 2015, when version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) will come into effect.
PCI guidelines are very important for small and medium businesses and organizations that process credit and debit cards (whether directly or indirectly).
However, meeting the data security standard doesn't necessarily mean an organization meets and maintains compliance. Businesses should stay on top by preventing intrusions with the following PCI best practices:
1. Maintain compliance for security: Businesses want to look good, which means that they often forget that the purpose of meeting PCI DSS compliance is to maintain the security of cardholder information and not just to achieve a favourable Report on Compliance (ROC).
2. Have a compliance manager: A designated person or team should have the resources and authority to manage security within a business. This might mean engaging with certain personnel and continuously collecting evidence that shows compliance with PCI DSS and its effectiveness.
3. Make security a part of the company's culture: Fulfilling PCI DSS compliance is often not enough to address all risks. Make a habit of protecting an organization's data and infrastructure, and implement risk assessment processes, especially during big changes to the IT environment.
4. Monitor security controls and measure success: Keep consistent, continuous documentation of the status of security controls, including their implementation and effectiveness. Automated control-monitoring tools may be helpful; aim to develop metrics used to analyze the success and effectiveness of your security. Measure implementation (how many systems have password security), effectiveness (how many vulnerabilities have been patched) and impact (how much return there is for your security efforts).
5. Be prepared: Organizations need to be able to respond immediately following security control failures. Have steps set up to restore operations to normal as soon as possible, and then identify the cause of the failure. Then follow up with better security and a higher monitoring frequency. When business objectives change or key IT security personnel leave your organization, have change-management practices prepared and analyze the associated risk.
6. Commit to security: Maintaining compliance is critical for organizations, but it also means businesses and their executives need to co-ordinate efforts in sustaining that compliance. Allocate enough resources to be successful in building an ongoing PCI DSS program.
Startup Week is back in Vancouver, with featured events including Devlops Day, Insights on Innovation, Techvibes Tech Fest Jobfair, Fireside Chat with Dan Martell (founder of Clarity), Vancouver Impact, and much more. (View the full schedule here.)
We’re excited to be attending these events, which feature workshops to help startups and tech businesses. Canadian Web Hosting is a big supporter of new businesses and hosts many businesses, small and large, many of which have been with us from the beginning of their ventures.
With Canadian Web Hosting, startups can rely on experts for guidance and tech support so that they can focus on building their new product and growing their business.
Sy Silverberg, founder and general manager of KATS, is a retired physician. At age 72, he and his wife Catarina wanted to give back to their community, so they started their own non-profit society to provide children in poor financial circumstances with an opportunity to play tennis for free.
Board of Tennis BC presents Sy Silverberg with 2014 "Excellence Award"/KATS
Sy wanted to help these children foster physical, emotional, and social well-being. He believed in setting kids up for success so that they can develop a sense of self-worth and self-esteem. Physical activity would also provide significant benefits in a society where childhood obesity is climbing at an alarming rate.
Besides free equipment and instruction, KATS employs the Tennis Canada “progressive tennis” approach. KATS uses age-appropriate racquets, courts, and balls because adult-intended equipment can be overwhelming and frustrating for younger people to use. Sy believes that this will help build their confidence, especially for those who are not “natural athletes”.
Through their partnership with local community centres and inter-cultural centres, KATS has instructed 112 kids and conducted 97 hours of lessons in their first spring and summer of operation. Sy plans to work with six lowest-income schools in the near future and anticipates that close to 1,000 kids will sign up with KATS next spring.
For more information on Society for Kids at Tennis, visit them at kidsattennis.ca.
Canadian Web Hosting is a leading managed hosting company that specializes in hosting business and enterprise-class clients. One of only a few SAS70 Type II and CICA 5970 certified service providers in Canada, Canadian Web Hosting delivers a secure and scalable service delivery for a diverse range of companies throughout Canada.
The European Union (EU) and Canada supervise the private sector’s use of personal data, while the US has minimal regulation of its private sector. Canada’s privacy laws focus on “individual autonomy through personal control of information” (Techvibes). The US focuses more on protection from the government, while Europe tends to protect individuals' dignity and public image (Identity Bureau Trulioo).
In addition to two federal laws in Canada that protect personal information, there are also provincial laws in Alberta, British Columbia and Quebec that are similar to PIPEDA (Personal Information Protection and Electronic Documents Act). These laws set out ground rules for how private-sector organizations may collect, use, or disclose personal information in a commercial setting. Unlike the US, Canada’s strict privacy laws are recognized by the EU, and privacy compliance is overseen by privacy commissioners and ombudsmen at both the federal and provincial levels (Techvibes).
So what does this mean for businesses in Canada?
In today's business market, service organizations are looking for a partner who can help them deploy IT infrastructure services and have the necessary controls and measures that comply with their local and corporate requirements. One of Canadian Web Hosting's core missions is to help businesses meet their SSAE 16 certification requirements (formerly the SAS70), which meets the new international service organizations standards for Type I and Type II reporting.
The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) issues the SSAE 16 Type II (formerly SAS 70) to service organizations that typically offer outsourced services. An auditor's report details a service provider's ability to offer adequate controls and safeguards when they host or process data belonging to their customers.
The CSAE 3416 certification is issued under the Canadian Institute of Chartered Accountants (CICA) Canadian Standard on Assurance Engagements (CSAE) 3416 to service organizations that typically offer outsourced services. An auditor's report details a service provider's ability to offer adequate controls and safeguards when they host or process data belonging to their customers.
Okay... then what does this mean for our customers?
Customers can now outsource web-hosting services including Dedicated Servers, virtual servers (VPS), CA Cloud Servers and/or Shared Hosting to a provider that already meets SSAE 16 requirements. In doing so, you can focus your company's time, money, and manpower on core functions that will drive additional revenue to your business. Here are some examples of Canadian Web Hosting's SSAE 16 compliance controls and physical security that our hosting environment supplements:
- Facilities and asset management
- Logical access and access control
- Network and information security
- Computer operations
- Backup and recovery
- Change and incident management
- Organizational and administrative controls
- Security policies, reporting, and monitoring
- Physical and logical security
Canadian Web Hosting is the industry leader in delivering 100% Canadian web hosting solutions for businesses requiring an SSAE 16 certification with their web hosting environment. Combined with our enterprise-grade web hosting hardware and a secure hosting environment that features many leading technologies, including our Unified Security Services, Canadian Web Hosting will help you achieve compliance.
- SSL capability
- Enterprise-level, application level protection
- Hardware/Software firewall
- IP-Restricted FTP
- Managed backups with guaranteed retention
- Advanced 24/7 monitoring
- Multi-level intrusion prevention (IPS/IDS)
- Anti-Spam, Anti-Malware, Anti-Virus
- Log Management
When you switch web hosting providers, you may prefer to keep your domain registered with the same company that hosts your site, for easier customer support. In this case, the domain gets renewed with the new registrar for an additional X number of years, and you don’t lose the remaining time already paid for with the previous registrar.
So you already have a domain but think transferring it is too complicated? It’s actually way easier than you’d think.
First, log into your current domain registrar or web hosting account, which is typically the place where you can view your account details.
On this registrar backend, you should be able to locate an option to unlock your domain name.
Once unlocked, find your EPP code, also in the backend. Provide this code to your new registrar or web hosting company.
The new registrar will then use your EPP code to pull the domain from your old registrar. They will also see the domain owner's contact information, i.e. your email address.
Your new registrar will then send an email notification to the email associated with the domain and all you have to do is check this email and verify that you are indeed transferring your domain to a new hosting company. (Just note that domains transferred less than 60 days ago cannot be transferred again until after the wait period.)
Once verified, your new and old registrars will take 3-5 days to transfer your domain. Sit back and relax while they do all the work.
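A pre-flight check for the steps above, as an added example that is not part of the original post: it reads a domain's public RDAP record and reports whether the transfer lock is still on or the 60-day wait period still applies. The use of RDAP, the function name transfer_blockers and the sample records are assumptions made for illustration; the records are constructed, not real lookups.

```python
from datetime import datetime, timedelta, timezone

# RDAP status values (RFC 8056) that mean a registrar or registry transfer lock is on.
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}
WAIT_PERIOD = timedelta(days=60)  # wait period after a transfer, as stated above


def _parse(ts):
    # RDAP event dates are RFC 3339; normalise a trailing "Z" for fromisoformat().
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def transfer_blockers(record, now):
    """Return a list of reasons the domain cannot be transferred yet."""
    blockers = []
    locks = sorted(TRANSFER_LOCKS & {s.lower() for s in record.get("status", [])})
    if locks:
        blockers.append("locked: " + ", ".join(locks))
    transfers = [_parse(e["eventDate"]) for e in record.get("events", [])
                 if e.get("eventAction") == "transfer"]
    if transfers:
        earliest = max(transfers) + WAIT_PERIOD
        if now < earliest:
            blockers.append("transferred recently; wait until " + earliest.date().isoformat())
    return blockers


# Constructed sample records (hypothetical, not real lookups).
LOCKED = {
    "ldhName": "example.com",
    "status": ["client transfer prohibited"],
    "events": [{"eventAction": "registration", "eventDate": "2012-03-01T00:00:00Z"}],
}
RECENT = {
    "ldhName": "example.net",
    "status": ["active"],
    "events": [{"eventAction": "transfer", "eventDate": "2014-11-20T09:30:00Z"}],
}
READY = {"ldhName": "example.org", "status": ["active"], "events": []}

NOW = datetime(2014, 12, 15, tzinfo=timezone.utc)  # constructed "today"

if __name__ == "__main__":
    for rec in (LOCKED, RECENT, READY):
        print(rec["ldhName"], transfer_blockers(rec, NOW) or "ready to transfer")
```

An empty list means neither condition blocks the transfer; you still need the EPP code and the email confirmation described in the steps.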
For more help on web hosting and domain registration with Canadian Web Hosting, contact us at 1-888-821-7888 or email firstname.lastname@example.org.