Many organizations have been preparing for January 1st, 2015, when version 3.0 of Payment Card Industry’s data security standard (PCI DSS) will come into effect.
PCI guidelines are very important for small and medium businesses and organizations that process credit and debit cards (whether directly or indirectly).
However, passing an assessment against the standard does not necessarily mean an organization stays compliant over time. Businesses should stay ahead of intrusions with the following PCI best practices:
1. Maintain compliance for security: Businesses want to look good, which means they often forget that the purpose of PCI DSS compliance is to protect cardholder information, not just to achieve a favourable Report on Compliance (ROC).
2. Have a compliance manager: A designated person or team should have the resources and authority to manage security within a business. This might mean engaging with certain personnel and continuous collection of evidence that shows compliance and effectiveness of PCI DSS.
3. Make security a part of the company's culture: Fulfilling PCI DSS compliance is often not enough to secure all risks. Make a habit of protecting an organization's data and infrastructure and implement risk assessment processes, especially during big changes to the IT environment.
4. Monitor security controls and measure success: Keep consistent, continuous documentation of the status of each security control, including whether it is implemented and how effective it is. Automated control-monitoring tools can help, and aim to develop metrics for analyzing the success and effectiveness of your security. Measure implementation (how many systems enforce password security), effectiveness (how many vulnerabilities have been patched) and impact (how much return there is on your security efforts).
5. Be prepared: Organizations need to be able to respond immediately when a security control fails. Have steps in place to restore normal operations as soon as possible, then identify the cause of the failure, and follow up with stronger controls and more frequent monitoring. When business objectives change or key IT security personnel leave the organization, have change-management practices ready and analyze the associated risk.
6. Commit to security: Maintaining compliance is critical for organizations, but it also means businesses and their executives need to co-ordinate their efforts to sustain it. Allocate enough resources to succeed in building an ongoing PCI DSS program.
Graphic from NAC
Most businesses have their own website now, and it is essential that the web-hosting provider is secure so that data and business aren’t lost through malicious hacking or downtime. But how do we choose a reliable web-hosting company? Here are some factors to consider:
1. Customer support
If any issues arise, whether your site is down or data is missing, it is essential that your web-hosting provider is there to support you. Settle for nothing less than 24/7 customer support so that your issues can be resolved in a timely manner. Make sure you can get help anytime and wherever you are located.
2. Uptime guarantee

Check out the web-hosting provider’s uptime guarantee. You want a reliable service and maximum exposure of your website to potential business. While 100% server uptime does not exist (any company that guarantees it is making a false claim), there are web-hosting providers that will meet expectations of 99.9% - 99.99999% guaranteed uptime. Also make sure they provide backup services or other options to secure your data.
3. Money-back guarantee

Just like when we shop for any other product, we want the freedom to return something we don’t like or that doesn’t fit our needs. Look for web-hosting companies that offer at least a 30-day guarantee or a pro-rated money-back guarantee. This trial period lets you cancel your service early with less penalty.
4. Plans and pricing

Check out the web-hosting provider’s website. A solid company will offer you flexible plans and a variety of packages to suit your needs. Compare the prices and inquire about differences in rate. If you’re looking for a web-hosting plan to resell web space, make sure there are reseller plan options.
5. Extra charges
Are there limitations in your plan, such as bandwidth caps? Providers often charge extra when you exceed your plan’s limits, and your site could go offline as a result. Check and compare that these prices are reasonable and that the company will keep your site online once the charges are paid.
6. Discounts and special offers

Once you have narrowed down a few choices, chat with the sales representatives to inquire about discounts and special offers. Many providers will offer free software installers or domain names.
7. Reputation

Finally, check the reputability of a company. Instead of relying on forums or other unreliable sources, consider looking into accredited business directories with ratings, such as the Better Business Bureau.
Next week, our maintenances are at our Vancouver data centre.
Electrical Maintenance: February 18-20
The windows are: Monday, February 18 to Wednesday, February 20, from 8:00 to 16:00 PST, daily. This maintenance is necessary to perform readings on all electrical circuits and infrastructure and it is not service impacting.
AC Maintenance: February 18-22
The windows are: Monday, February 18 to Friday, February 22, from 06:00 to 18:00 PST, daily. This maintenance is required to perform our quarterly preventative maintenance and is not service impacting.
Electrical Maintenance: February 20-21
The window is: Wednesday, February 20, from 23:00 PST to Thursday, February 21, 06:00 PST. This maintenance is required to perform the quarterly major UPS and battery testing. It is not service impacting.
Electrical Maintenance: February 23
The window is: between 20:00 and 22:00 PST. This maintenance is required to transfer the building chillers to generator during upcoming testing, in order to ensure newly installed components are operating as designed. It is not service impacting.
Please be assured that our team and the appropriate support staff will be present for the entire duration of these maintenance windows. If you are a current Canadian Web Hosting customer and have any comments or concerns, you may contact us by email at email@example.com or by phone at 1-877-871-7888. To stay up-to-date with future news and announcements, you can follow us on Twitter at @cawebhosting and on our Facebook Page.

Kevin Liang
CTO / SEO Guru
This week, our maintenance is at our Vancouver data centre.
Scheduled Network Maintenance
The window is: Thursday, January 31, from 20:00 PST to Friday, February 1, 06:00 PST. This maintenance is necessary for our secure bandwidth system and it may be service impacting.
Please be assured that our team and the appropriate support staff will be present for the entire duration of this maintenance window. If you are a current Canadian Web Hosting customer and have any comments or concerns, you may contact us by email at firstname.lastname@example.org, by phone at 1-877-871-7888, by tweeting us at @cawebhosting or via our Facebook Page.

Kevin Liang
CTO / SEO Guru
This week, our maintenance is at our Toronto facility.
The window is: Thursday, December 6, 2012, from 22:00 EST to Friday, December 7, 2012, 06:00 EST. This maintenance is not service impacting and is required to perform preventive maintenance on our UPS units.
Please be assured that our team and the appropriate support staff will be present for the entire duration of this maintenance window. If you are a current Canadian Web Hosting customer and have any comments or concerns, you may contact us by email at email@example.com, by phone at 1-877-871-7888, by tweeting us at @cawebhosting or via our Facebook Page.

Kevin Liang
CTO / SEO Guru