What You Need to Know About PCI Compliance

What Is PCI Compliance?

The Payment Card Index Digital Security Standard (PCI DSS) was established in 2006 as an industry-wide standard created by what is now known as the PCI Security Standards Council. Made up of the predominant credit card companies: Visa, Mastercard, American Express, and Discover, the council was established to regulate the credit card industry and manage the standards in which businesses would be held to improve consumer privacy.

PCI standards apply to all businesses that accept payment cards. If your business stores information or processes payment using digital means, you have to maintain PCI compliance. Here are 10 actions every business that accepts payment cards needs to take:

• Change passwords from system default
• Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
• Encrypt transmission of card data across public networks
• Restrict the transmission of card and cardholder data to “need to know” basis
• Assign user ID to all users with server or database access
• Make efforts to protect physical and digital access to card and cardholder data
• Monitor and maintain system security
• Test system security regularly
• Create written policies and procedures that address the importance of securing cardholder data
• Train your staff on best practices of accepting payment cards

Again, every single business that accepts the use of payment cards needs to be sure to accomplish these 10 things. Many businesses already do these things in the normal course of doing business, but if you don’t, and you accept payment cards, you are not in compliance and face harsh consequences.

PCI and Business Size

Once you’ve established compliance with the general guidelines, you then need to understand how your business will be judged. According to the PCI Security Standards Council there are four levels of businesses that process credit cards. They are defined as follows:

• Merchant Level #1 – A business that processes over six million payment card transactions per year.
• Merchant Level #2 – A business that processes between one million-to-six million payment card transactions per year.
• Merchant Level #3 – A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
• Merchant Level #4 – A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a breach at level 1 will likely affect more consumers, the PCI regulatory body–that doesn’t have the means to constantly check every business–spends more time regulating larger organizations. That’s not to say that small businesses can’t face hefty fines and consumer attrition if they are non-compliant. Each level has its own specific mandate. Let’s go through them now.

Merchant Level #1

To maintain PCI compliance, Level one merchants need to:

• Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
• Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

Level two’s need to:

• Perform a yearly Self-Assessment Questionnaire (SAQ)
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Level three’s need to:

• Perform a SAQ
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

Level four’s need to: […]

Careful, This Wallpaper will Brick Your Phone. Wait, What?

It was discovered that users who set a particular image as their phone wallpaper on Android devices suddenly found their phone crashing. Once the wallpaper is set, the phone will refuse to boot back up, even in safe mode. This means the only way around it is a hard factory reset, which will lose everything on the phone that isn’t backed up elsewhere. Users are able to safely view the image, and even download the image on their device. The issue occurs once the image is set as a background wallpaper on Android devices, especially newer phones, and it seems to affect Samsung phones especially.

Let’s Take a Look at the Infamous “Cursed” Android Wallpaper

In a Twitter post by user @Universeice, we get a glimpse of the image and the warning not to set it as a wallpaper. Definitely heed our warning and do not attempt to make the image your wallpaper, but it is safe to view:

WARNING!!! Never set this picture as wallpaper, especially for Samsung mobile phone users! It will cause your phone to crash! Don’t try it! If someone sends you this picture, please ignore it. pic.twitter.com/rVbozJdhkL — Ice universe (@UniverseIce) May 31, 2020

Why Does This Image in Particular Break Android Phones?

A little research shows that this photo was taken last year by photographer Gaurav Agrawal, and ended up on a lot of popular smartphone wallpaper sites recently. Agrawal owns the copyright to the image, which means it probably should not have been made available on these wallpaper sites.

The issue has to do with hidden data stored within the file itself. There isn’t anything malevolent going on here – any image can have hidden metadata stored within it. Most digital cameras, for example, record the type of camera and settings used, the time and date, and other information automatically when taking a photo. There is a specific type of data called the ICC profile, which has details about the color profiles of an image.

All of our modern-day devices have limited colors that they can actually display. Our eyes are pretty limited in what colors we can see, so it doesn’t usually affect us. Color profiles set standardized ranges of colors used in an image that devices can use so colors are relatively uniform across our devices. Ask a graphic designer or photographer and they will have a lot to say about their frustrations with color profiles.

That said, the ICC profile used on this image was a fairly uncommon one, and likely not something that Android was configured to use for a wallpaper. In fact, simply saving the image using a standard color profile makes it safe to use, although it does make the image a little more visually dull.

The craziest part about this image is that if it weren’t for a single pixel, it would likely work just fine. Combined with the uncommon ICC profile, there is a single pixel (a tiny, nearly invisible dot of color) that causes the actual conflict that crashes Android phones. You can’t see it by looking at it, but somewhere in the pinkish lining on one of the clouds is a single pixel that most modern smartphones just can’t handle existing on the wallpaper!

Okay, I Won’t Set This Image as a Wallpaper. Am I Out of […]

Tip of the Week: Put Policies in Writing for More Impact

Tip #1: Cover Everything

When putting together your employee handbook, you will want to first prioritize what policies, processes, and procedures you would want every member of your staff to know. Obviously, the more information an employee has, the better he/she will understand what is expected of him/her. Some of the information will need to be in there by law, including:

• FMLA information
• Non-discrimination policies
• Sexual harassment policies
• Worker’s compensation policies

Other important policies should also be included. They include:

• Paid-time off policy
• Payment times and promotion/review policy
• Employee behavior expectations
• Employee dress code
• Benefit structure
• Remote work policy
• Social media and employee device policy

Finally, you will want to outline your company’s mission, history, and any other company culture-related information that you find important to publish.

Tip #2: Prioritize the Layout

Obviously, most businesses won’t be able to write every policy and procedure employees should know in a handbook that most employees will simply discard the first day they get one. It is, then, extremely important which policies are written toward the front of the handbook. Along with this, you will need to ensure that each policy is sufficiently explained. You don’t need to be a professional writer, just explain the policies completely and try to be thorough.

Tip #3: Update as You Go

As important as company policy is, there should always be an opportunity to update it as things change. Having success or failure with any single policy could require amendments be made to it. This means that while giving an employee a handbook when he/she starts working for your company, you should always provide digital access to this document as you will likely need to make changes to it in the future. Ensuring that your handbook is updated with the most current language keeps confusion to a minimum.

An employee handbook may not seem crucial, but it can be a beneficial piece to add to your administrative resources. If you would like help putting together your policies, IT or otherwise, call the business experts at SRS Networks today at (831) 758-3636.

What You Can Integrate with Your Business’ CRM Solution

First of all, what is a CRM? CRM stands for Customer Relationship Management, which is the technology that assists your business in tracking and cultivating your interactions with those you work with, pretty much as it says on the box. Not only does this help you keep track of all your business contacts, the many integrations that can be found for these kinds of solutions give you additional resources and capabilities to use to your advantage. Let’s go over the common integrations that CRM solutions offer to help you improve your business processes.

Calendar Integration

When you need to keep track of your customers and interactions you have with them, establishing a schedule to stick to is an important step. After all, you don’t want to have meetings overlap with your other activities and cause conflicts. Utilizing a CRM that integrates with your business calendar helps you avoid overscheduling your activities, while also ensuring you are prepared to sustain your interactivity with your contacts. By automatically syncing your calendars to the events outlined in your CRM, your team can keep your projects and initiatives in progress while minimizing any potential scheduling and internal communication issues.

Call Center and Customer Support Integration

Your CRM solution should also work collaboratively with your external customer service and support tools. Let’s say that one of your customers reaches out to you with a question for your support team. It doesn’t make sense for your sales team to answer the call first, so a system that can direct these calls to the appropriate party from the get-go leads to increased productivity and improved customer relationships. Syncing these two solutions together can lead to impressive improvements across the board.

Email Integration

Many businesses also rely on email communications to keep in touch with their clients and customers. Using a CRM to power these communications can assist a business in lead generation and more personalized marketing efforts.

Using a CRM to its full potential can help promote your operations and entice your prospective customers to reach out to you more often, often assisted by the integrations that are incorporated into it. For more ways that you can use your technology to increase your business’ productivity and efficacy, subscribe to this blog, or give SRS Networks a call at (831) 758-3636.

Get the Most Value Out of Your IT Budget

To begin, it is important to acknowledge the different ways that costs—especially IT-related costs—can be optimized.

• Processes can be moved to the digital space and automated, helping to increase efficiency and eliminate waste and redundancy.
• Agreements and prices can be negotiated for purchased services and solutions, allowing businesses to reduce costs and cultivate professional relationships.
• Business resources can be standardized and streamlined, so more can be accomplished for a smaller investment.

As it happens, a managed service provider can assist a business on all three of these fronts. Let’s go over a few ways that these goals can be achieved through some of the services offered as a part of an MSP’s offering.

Vendor Management

Businesses need to deal with their vendors all the time, which can often result in less time left for their other initiatives to be focused upon. Many MSPs will take on this responsibility on your behalf and allow you to direct your attention to your business’ affairs. As an auxiliary benefit, as these MSPs will likely be working with these vendors on the behalf of several clients, they likely have a healthy business relationship with them. This means that they likely are offered bulk deals and other perks that can translate to similar benefits on your end.

Proactive Maintenance

There is no getting around it: technology is expensive. Not only does it require an upfront investment to procure, maintaining it can quickly rack up some significant costs that can be challenging to predict. An MSP’s proactive maintenance can help to resolve this, as issues can be mitigated before the associated costs begin to blossom and expand.

Cloud-Based and Remote Services

With the technology that is available today, it is far easier for business services to be scaled to the size that a given company will require, and to be delivered in a much more efficient way. This allows more businesses access to the tools and support that they need to maintain their operations, as they will be more accessible and (as we’ve established) more financially feasible for these businesses to invest in. Working with an MSP to put these tools to use will allow businesses to get the most value (again, through proactive maintenance and vendor management) for their investments.

The value that an MSP can provide to a business of any size cannot be overstated. We’d be happy for the opportunity to show you how you could benefit from it. Reach out to our team at (831) 758-3636 and learn more about our services today.

Tip of the Week: Time Management that Really Works

Get Good Zzzzz’s

There have been numerous studies done that suggest that the best way to maintain focus and productivity is to get enough sleep. Getting between seven-and-eight hours and going to sleep early will allow you to get a fast start on the next day. Peak productivity typically happens about 150 minutes after a person wakes up, so the earlier you start, the more productive you can be.

Stay on Schedule

Generally, you will have a good idea of what your responsibilities are before you get started, but priority can change. If you have the flexibility to do so, setting your schedule up to get the most crucial things completed when you are the most alert makes sense. Arranging your assignments into a schedule that will allow you to be the most productive can be a big benefit for you and for your company.

Try to Eliminate Multitasking

Many people claim to be master multitaskers, while others claim that multitasking isn’t even possible. Studies show that the latter is closer than the former. Focusing on many different tasks at once makes it difficult to proficiently complete one. Selecting the task that has the highest priority and committing to that task gives you the best chance to build a task list that can be completed satisfactorily and efficiently.

In business, productivity is essential, so how to go about it is important. SRS Networks can help you implement the solutions to help support your productivity strategies and help your business find the success it is looking for. To learn more, reach out to our team by calling (831) 758-3636.

Yeah, There’s a Reason Some Scams are So Obvious

Advance-Fee Fraud and Its Origins

Believe it or not, those emails have their roots in the 18th and 19th centuries, where scammers wrote letters to their targets begging for some small financial assistance in exchange for a significant reward. Rather than a Nigerian prince seeking escape from political turmoil, one such attempt featured a wealthy Spanish prisoner that needed to be smuggled out of Spain and required some investment to bribe the guards. These scams continued over the years, appearing in French investigator Vidocq’s memoirs and reports of other transnational scams exist from 1922.

Today, these advance-fee scams are most recognizable in the form of the Nigerian Prince scam, as referenced above… and thanks to the Internet, they are far more prevalent, as there aren’t even postal costs to prevent scammers from using them on a widespread basis.

Why These Scams are Notoriously Obvious

One would think that, as a scam that has become the go-to example of a scam, cybercriminals would have abandoned it long ago—or at least worked to make them more convincing. So, why are these scams still around, and still so transparent? In 2012, a researcher for Microsoft named Cormac Herley asked the same question and conducted a project to find the answer. His conclusion was brilliantly simple: these scams allowed hackers to weed through potential victims to find the ones most susceptible to their efforts.

Cyberattacks aren’t free for cybercriminals to carry out. So, just as anyone who invests in something would want, they want to see the greatest return for that investment. In a cybercriminal’s terms, this translates to the highest number of successfully scammed people who comply with their demands. Just like in any business, a cybercriminal will want to minimize the number of false positives (in this case, targets that never send over any money). Looking at it from an economic perspective, the higher the number of false positives the cybercriminal invests in, the lower the net payout for them.

After compiling statistics and going through the numbers, it became apparent to Herley that cybercriminals use the now-infamous word “Nigeria” in their scams to eliminate these false positives more effectively. Essentially, by using that word early on in their interaction with a potential victim, cybercriminals were able to shrink their target pool to only the most gullible or naïve people they had found. By cutting out the false positives early in the game, scammers could minimize their investment without sacrificing any payoff. All the grammatical errors, misspelled words, and far-fetched tales just serve to eliminate the people who ultimately wouldn’t be fooled anyway. For more detail, you can find documentation of Herley’s process here.

How to Keep Your Business Safe

Of course, not all scams operate this way, so it is still important for you and your team to know what to keep an eye out for. The Federal Bureau of Investigation provides the following list of rules to follow to avoid scams:

• If something sounds too good to be true, it is safe to assume it is.
• If you receive correspondence from someone asking for money or information, go through the proper steps to confirm the message’s legitimacy through other means, like a phone call.
• Have a professional go over any agreement you’re about to enter so that you can fully […]

What If Your Team is Burning Out at Home?

Spotting Burnout in Remote Employees

As you would imagine, burnout in the home is remarkably like burnout in the office. The big difference is that there is no longer an office to leave workplace stress behind in. Furthermore, many people can’t help but see the inherent hypocrisy of the situation. Many people have pushed for the capability to work remotely in the past, only to be rebuffed, so now being required to do so can be frustrating.

To be clear, these employees aren’t frustrated that they are still able to work, but some of the other impacts of this situation have caused no small amount of friction. For instance, many of the people who were furloughed because of recent events may have been paid as much as four times the amount of those still working 40-hour weeks. While there’s little that most business owners can do about this, it has caused some negative feelings. These feelings could easily bleed into the work that your staff is doing.

Another common factor that contributes to burnout is the loss of any separation between the responsibilities of work and of personal life. Your employees are still human beings, so the idea of not having any break between working from home and working on their home life can be frustrating. Without any downtime to spend recuperating and processing what has been accomplished, it can be hard to see these accomplishments. This is what makes our first tip so important:

Establish Boundaries

Working remotely doesn’t mean that your work hours change; you should just be working in a different location. Therefore, you need to be vigilant about how long you are working. While it is admirable to want to put in the extra hours, it is ultimately better for your performance (and your business’ budget) to stick to the schedule you would normally keep and spend your personal time taking care of personal things.

Working from home also brings with it a new set of potential distractions to draw you away from your work. The people you live with can inadvertently cause a strain on your focus, as can any pets you may keep. Certain temptations are also present in the home that wouldn’t be found in the office, such as streaming services or social media. Establishing a space in your home that is dedicated to work can help you to focus better, especially by assisting you with our next tip.

Minimize Distractions

We’ve established that the home has plenty of stimuli that can draw your attention away from your tasks and responsibilities. A dedicated workspace helps to minimize these distractions, which in turn allows you to be more productive and reduces your temptation to work longer hours, diminishing the feeling of working all the time.

Of course, the expectations that others have of us (or rather, that we think others have of us) can often contribute to the burned-out feelings that so many get. It is important that everyone on your team is able to keep the following in mind: while working from home isn’t the ideal situation for everyone, recent events made it the only feasible means of keeping the business open and operational. A little bit of stress now can help lead to a better future, with a job at a business […]

Tip of the Week: Simplify Your Processes with Workspaces in Google Drive!

What are Google Drive Workspaces?

As we mentioned, as you and your other users are working on their assigned tasks, the various resources they will need could very well be stored in multiple places in your company’s Google Drive storage. This can create delays in their tasks as they hunt each of these resources down—not the best situation, especially when deadlines must be met.

Workspaces allow each user to create quick-access links to assorted documents in Drive, without changing where they are stored. If you have a certain project that needs to be worked on, with the materials needed for that project saved in their own locations, creating a Workspace for that project simply makes it more convenient and time-effective to complete. Once the project is completed, the Workspace can be deleted without affecting the files included at all.

How to Create a Workspace

Creating your own workspace is remarkably simple to do:

1. In the left-hand menu of Google Drive, navigate to Priority. This will bring you to a page of assorted recent documents and those tied to upcoming meetings, as well as the Workspaces section.
2. Next to the Workspaces title, you will find a button labelled Create. Click it.
3. You will be prompted to name this workspace. Give it a name that ties it back to your project and press Enter.
4. Doing so will open another window, with suggested files to add to it across the top and the option to Choose other files… Clicking this option will pull up an Add to Workspace sidebar, where you can search for and select the items from Drive to include.

If you change your mind, the three-dot menu next to each Workspace item gives you the opportunity to remove it without deleting the file itself.

That’s all there is to it. From that point forward, you’ll have an exclusive shortcut to all the materials you add to a workspace for your convenience. For more ways to make your workday more convenient, make sure you subscribe to our blog!

Can You Really Afford Not to Have a Backup Plan?

1. How often is employee productivity and customer accessibility or service stalled each day from a downed network or system?
2. How much downtime can your business truly afford and what kind of backup or recovery solutions are in effect when systems are unavailable?
3. What level of IT support can be accessed? Can it be accessed quickly enough to minimize damage? Are you confident that your business can either be back online or be able to access lost data with minimal disruption, no matter what?
4. Is your most critical data frequently backed up? Is the data on the personal laptops, iPads or Blackberrys of employees backed up? Are all backups stored in a location off-site and quickly accessible in the event of theft, fire or flooding? Are you using any custom installed software and is the supplier still in business should this software need to be re-installed or updated? Are account details, licensing agreements, and security settings somewhere on record, and is it duplicated off-site?
5. Are your systems truly protected from theft, hackers, and viruses? Are passwords to sensitive data changed whenever employees leave the company or business unit?
6. When was the last time you tested backup processes to ensure they are working properly? How quick were your backups?

Answering these questions will help you understand if you are needlessly bleeding money every day by subjecting your business to the high hourly rates, service charges, trip fees and wait times of on-call IT support. If you are an SMB, you don’t have to fear technology failure. A trusted MSP can help you resolve these challenges in a more effective and efficient manner.
