PCI Compliance still lagging in 2017

If we learn anything from 2017, it should be that nothing is safe. I was recently reading a great article about PCI Compliance and it got me thinking. Why? Why are we so sure it couldn’t happen to us? Right now, the 2017 Payment Security Report Executive Summary from Verizon states that “For the first time, more than half (55.4%) of companies we assessed were fully compliant at interim validation, compared to 48.4% in 2015. But that means that nearly half of stores, hotels, restaurants, practices and other businesses that take card payments are still failing to maintain compliance from year to year.” That leaves almost half still not PCI compliant and a potential hazard to you and your personal and business information.

Now, for those of you that don’t know what this is, PCI DSS stands for Payment Card Industry Data Security Standard. It is the set of standards the entity accepting your card as payment should follow to ensure your information is not at risk. Think of them as the doors and windows of your home. If you lock all the doors and windows it is much harder for someone to gain access to your home. Leave something open and you are creating the opportunity for something bad to happen. But we live in different times. When I was young, my parents never locked their doors. Could you imagine leaving your doors and windows open today?

As a responsible business owner you are charged with keeping your (and your customers’) information safe. This means you need to take certain precautions to ensure the information you collect (including names, addresses, credit card info, social security numbers, etc.) is safe from attacks, both online and physical. You must have training for all employees who handle this material. No, it is not hazardous waste, but put the shoe on the other foot and try to imagine someone dumping your credit card number and name into the dumpster behind the store you just walked out of and not thinking twice. Three weeks later there is a big screen purchase and a trip to Fargo that you did not authorize. Yes, it happens just like that.

Standards have been set for a reason: not to make it hard to do business, but to make it harder to gain access to vital information that can cause a lifetime of grief. Let us not forget that Equifax put a lot of us at risk for the foreseeable future. The data of roughly 145.5 million people was proverbially left in a dumpster for anyone to do with as they like, and the ramifications will likely be felt for years to come. And that’s just one example.

So are you PCI DSS compliant? Are you taking the steps necessary to become compliant? Did you know that you can be held responsible if you fail to take the necessary precautions and a breach happens?

If your business relies on credit cards for payment, you have had to submit a PCI compliance site survey. And more than likely you will have more red marks on your first attempt than a third grader in English class. But fear not, it doesn’t have to be hard. In fact, here are a few simple things you can do to get started.

Install and maintain a firewall

Do not use vendor-supplied defaults for system passwords (admin is not a secure password)

Close all open ports on equipment (this will require conflicts with equipment and software to be resolved)

Protect stored cardholder information (lock up receipts in a safe)

Keep antivirus software up to date

Assign a unique ID to each person with computer access

Track and monitor all access to network resources and cardholder data

Regularly test security systems

Maintain a security policy and ensure that all personnel are aware of it

If you need more information or help becoming PCI compliant


Source 2017 Payment Security Report Executive Summary from Verizon

Driving your Technology

Are you better to your car than you are to your technology?

Most people spend more time sitting in front of their computer than in their driver’s seat, and spend more time and money maintaining their car than their technology.

Like taking your car to a trusted mechanic or dealer for maintenance, most small to medium businesses utilize an outsourced IT firm for maintenance. Sure, you can change your own oil, but do you have the equipment, time or knowledge to do an alignment? Outsourcing your IT is no different. Sure, you can change the cartridge in your printer, but do you have the time & knowledge to deal with new workstation installations, server security, or virus removals? Outsourced IT firms can keep up on regular maintenance, install updates and keep you protected against threats. They can also inform you of impending dangers to your system, keeping you up and running instead of broken down and lagging. We rely on specialists (CPAs, attorneys, mechanics, IT professionals) because they stay up to date in their field, and they will always be better and faster at fixing a problem than we can be.

Even large firms use an outsourced IT company to augment their staff. They have one person on staff to handle the day to day hiccups and utilize an outside firm for the behind the scenes stuff and heavy lifting such as larger projects, so they don’t waste resources.

Technology in general needs maintenance, and if not properly maintained it can leave you falling behind your competitors, draining your staff and costing you money. A good working network with properly licensed products, up to date software and up to date security is vital to your business. Now fortunately, our cars don’t come under very many outside attacks or threats (besides the runaway shopping cart and your children’s baseball practice).

Look, if you want to get from A to B a bus will get you there. However, if you are in it for the long haul and want your business to go from A to Z, you’re going to need to keep your system running right! It’s up to you, but I would rather sip tea poolside than work on my car!

If you have questions about your IT, please give us a call.

Backups Saved My Company

Anyone who reads this probably knows how we operate here at BITS, and knows how we constantly insist our clients run backups of their data and test those backups. Some of you take this to heart, some not so much. Well, it happened; in less than six degrees of Kevin Bacon, someone close to you had a catastrophic failure. There were no lights flashing, no “warning, warning, danger Will Robinson”. Nothing! Down went their ERP system and with it their ability to do business as usual. Sweating yet? Worried? You had better be. Their ERP support wanted $28,000 to put them on a support package and start working on the problem. I repeat, $28K! I’ve seen that kind of expense devastate a business. Could you afford that kind of hit? The good news is they are up and running. Now I won’t go into the ugly details and all the techy stuff BITS did to get them back up and running because it doesn’t matter. What does matter is that THEY HAD BACKUPS! Working, up to date backups. That saved them an enormous amount of money, time, and frustration. When’s the last time you tested your backups?

On site and off site backups of your data are your friend, not just another thing on your long list of to dos for the day. The backup fairy isn’t going to do them for you (unless they are automated by BITS). Did you know the movie TOY STORY 2 was almost lost? Woody and all his crazy adventures would have been lost if it weren’t for backups.

You have to go to work to support your family

You have to breathe in and out to survive

You have to run a solid backup to protect your business

Without your backups your data can be lost forever. You worked hard to capture that data. You spent 2 years working with a prospect to close the deal with company xxx. Now your presentation is gone. Every contact and the data to go with them are now gone. A lifetime of contacts, your pipeline, your inventory records, GONE. There is no “call BITS and fix it” button like the one Staples has. Without that backup it’s gone.

Our goal is to ensure no one that we work with ever has to pay a $28K trouble ticket to their software company and that they never lose their data. As we get older, gray hair is bound to happen. Your backup shouldn’t be a reason for it!

This client had done backups and never had a problem. Obviously the clock was ticking, as it is for most of us. You will have data that is deleted accidentally; you will have hardware failures that cause data loss; you will have disgruntled employees delete precious files from your server. But if you have multiple backups in place it will never impact your business.
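The “test those backups” point above, as an added example that is not BITS’s own script: a POSIX shell routine that takes a tar backup of a directory, restores it into a scratch location (never over the live data) and compares checksums file by file, so the restore is proven rather than assumed. It assumes tar and sha256sum are on the PATH; the sample files it backs up are constructed.

```shell
#!/bin/sh
# Added example, not BITS code: prove a backup restores, don't just assume it.
# Assumes POSIX sh plus tar and sha256sum (GNU coreutils) on the PATH.
set -eu

# Checksum every regular file under a directory, sorted so two trees compare
# line-for-line. Paths are relative to the directory, so source and restore match.
tree_checksums() {
  (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort)
}

# verify_backup SRC_DIR ARCHIVE
# Restore ARCHIVE into a scratch directory (never over live data) and compare
# it file-for-file with SRC_DIR. Returns 0 only when every file matches.
verify_backup() {
  restore_dir="$(mktemp -d)"
  tar -xf "$2" -C "$restore_dir"
  expected="$(tree_checksums "$1")"
  actual="$(tree_checksums "$restore_dir")"
  rm -rf "$restore_dir"
  # An empty source would "match" an empty restore; treat that as a failure too.
  [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# backup_and_verify SRC_DIR ARCHIVE
# Take the backup, then immediately run the restore test against it.
backup_and_verify() {
  tar -cf "$2" -C "$1" .
  verify_backup "$1" "$2"
}

# Constructed sample data so the script runs stand-alone.
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/contacts"
printf 'ACME Corp,555-0100\n' > "$demo_dir/contacts/pipeline.csv"
printf 'Q3 proposal\n' > "$demo_dir/presentation.txt"

if backup_and_verify "$demo_dir" "$demo_dir.tar"; then
  echo "backup verified: restore matches source"
else
  echo "backup FAILED verification" >&2
fi
```

Run it on a schedule against the real backup archive and alert on a non-zero exit; a backup that has never been restored is only a hope.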

In the following days we will be calling all our clients, stressing this important fact and discussing how mission critical backups are.

Now go run your backup!

Superfish? Really Lenovo?

Isn’t it bad enough that we have to be conscious of every little thing we do on our computer; now we could potentially be infected before we spend day 1 with our shiny new computer. Grrrrrr!!!!

If you haven’t read the backstories on Lenovo and Superfish, I’ll catch you up. Some Lenovo units came from the factory with malware already loaded. What does this mean? It means that your new computer is infected before you even turn it on. Crazy, I know.

Lenovo is scrambling to fix the problem. “We messed up badly,” said Peter Hortensius, Lenovo’s chief technology officer. He claims Lenovo was unaware Superfish put consumers’ Internet traffic up for grabs. “The intent was to supplement the shopping experience.”

Chances are you’re infected, you just don’t know it. Just like the walking dead, some of these software programs live inside your computer, waiting, till it’s time to turn your computer, and more specifically your browser, into its own private little zombie, collecting shopping data so that it can customize your ads for things that you do or might want to buy. Sounds great, right? Wrong! This is a huge security hole. So what can you do? While I don’t suggest stabbing your screen with a steak knife, and I seldom suggest shooting it point blank in the monitor, there are some things you can do.

  1. Remove the unwanted Superfish bloatware. CNET has a nice little tutorial on removing Superfish from your Lenovo.
  2. Don’t believe the hype… er, link (see what I did there?). I’ve seen studies from all over the web stating that about 45% of URL links are fake. Even worse, about 60% of us don’t even know which ones are real links and which ones aren’t. Chances are even if you get the link from a trusted friend, the link itself might have the cute kittens playing, but the ads and other links on the page are malicious and they are hoping you’ll click on those.
  3. Scan your PC frequently. Scanning for infections is truly not sexy; however, neither is seeing your most private moments up on YouTube next to Kim Kardashian. So run your scans often and keep your programs up to date, even with a brand new computer right out of the box.
  4. The least sexy of all: passwords. Yep, these little babies are still going to help. All day long as you sit at your desk trying to hide the fact that it’s Monday and you’re tired, or Friday and you can’t wait to leave, these little monsters are looking through your files trying to figure out what you’ve got. They don’t care what time it is. They want your stuff! Strong passwords will keep them out. Use passwords that mix letters, numbers and symbols.

The key to staying safe on the Internet is having strong passwords, not saving your passwords in your browser, and not clicking on links. Doesn’t that sound simple?! If you get infected, chicken soup is totally not going to help. The only cure is to change your habits and live with it. By changing passwords frequently and resisting the temptation to look at cute kittens and Kim K’s butt, you’ve got a chance. Be vigilant, stay positive and don’t click links like you’re crushing candy. You might just make it out alive!