PCI Compliance – Understanding It

If your business accepts credit cards, then you are likely aware of the Payment Card Industry (PCI) Data Security Standard (DSS). …And if you’re not, you should be. PCI is a series of requirements mandating that all credit-card-accepting merchants transmit and store credit card data securely. Originating in 2006, PCI DSS is managed by the PCI Security Standards Council which includes agents from all major card brands (like AMEX, Discover, MasterCard and Visa). Every business that accepts credit cards MUST be compliant with PCI DSS.

PCI DSS contains four levels; these levels group merchants based on the number of credit card transactions they perform in a twelve-month period. The levels are:

  • Level 1: More than 6 million Visa or MasterCard transactions per year
  • Level 2: 1 to 6 million Visa or MasterCard transactions per year
  • Level 3: 20 thousand to 1 million Visa or MasterCard transactions per year
  • Level 4: 20 thousand or fewer Visa or MasterCard transactions per year

With the staggering numbers of security breaches, credit card fraud cases, identity theft, and data loss every year, it is the merchant’s responsibility to protect consumer data. If PCI is a critical part of your business, then steps should be taken to ensure secure credit card transactions and keep consumer confidence. Keeping up with PCI standards will show you are taking the necessary steps to keep your consumer data safe.

Determining an effective strategy for maintaining PCI compliance is critical to mitigating credit card processing security risks. The good news is that EarthLink Business can help you comply with PCI DSS! Our new PCI Compliance Validation service helps small, medium and large retailers meet PCI compliance requirements. As an added bonus we also offer data breach protection of up to $100,000 per location to reimburse merchants if customer credit card data is ever breached. EarthLink’s service provides simple tools to help your company validate your PCI compliance, including:

  • Credit card data security policy
  • Web-based PCI compliance training
  • Quarterly Authorized Scan Vendor (ASV) scans
  • Online data security self-assessment
  • Access to an online knowledge base for PCI compliance

Don’t put your business at risk! Understand PCI DSS and reach out to your EarthLink representative today to find out more about how EarthLink Business can help!

Disaster Recovery in the Cloud…

You are already backing up your data so you can rebuild it when your server crashes and be up and running in a few hours. But what happens when you lose two servers?…three servers?…four, the network, power, and more? More importantly, are you prepared to continue running if you lose everything all at once? Disasters happen more often than you think. Are you prepared? Many organizations have a backup strategy but not a true IT disaster recovery strategy. How long would it take you to get IT back up and running if you lose everything?

So you already have a disaster recovery plan. Have you tested it recently? When was it documented? Updated? If you answered “No” and “It’s been a while,” then your plan may be ineffective. Most organizations don’t have a disaster recovery plan…and those that do may not know how to use it correctly.

The good news is EarthLink Business can help with our new Cloud Disaster Recovery solution. Disaster recovery in the cloud offers companies quick data restoration and effective IT recovery faster than any traditional disaster recovery model. Using the cloud for offsite recovery means your business will have the ability to recover your servers in the cloud environment (as opposed to simply using the cloud for offsite storage). With no capital expenses and subscription pricing, the Total Cost of Ownership (TCO) is low. Why build it yourself and incur an enormous amount of up-front expenses when you could pay an affordable monthly fee and use cloud-based servers?

Here are some additional key benefits for utilizing disaster recovery in the cloud:

Data protection: Recovery in the cloud assures your data is recoverable and protected from man-made accidents, power outages, natural disasters, and server crashes.

Scalability and Rapid Implementation: By replicating your primary server environment, the Cloud environment can be quickly scaled to fully replace your primary servers and get your business back up and running in hours, not days.

No hardware requirements: No need for large server rooms and hardware specialists, saving money on power, energy and personnel expenses.

Leverage existing IT: EarthLink’s Cloud-based data recovery solution interoperates with your existing hardware, applications and operating systems, protecting both physical and virtual servers.

Get some additional sleep at night knowing that your information is safe, secure, and can be turned up at a moment’s notice should a disaster strike. Contact your EarthLink Business representative to learn more.


Secure Remote Access – EarthLink Business has you Covered!

Having secure remote access available to work-from-home employees is becoming increasingly important for modern companies. Many industries have made large investments in remote access services without realizing these investments come with a variety of inherent problems. Remote access threats are unique, and if proper measures are not implemented, significant threats to corporate information can exist.

The most common vulnerabilities with remote access technologies are poor identity validation and weak authentication. Most remote access tools simply rely on a traditional user ID and password. Unfortunately, when common IDs and passwords are shared, it leads to mass vulnerabilities. It is important for organizations to monitor remote access and be sure to use multi-factor authentication. Multi-factor authentication is a process where a person proves their identity with two of three methods: “something you know”, “something you have” or “something you are”. This could be attained by simply having users enter their username (“something you know”) and then enter a PIN that appears on a token (“something you have”).

Contracting malware is another major risk when permitting remote access. Allowing users to connect with unauthorized devices (e.g., a home PC) poses the risk of malicious software or malware spreading to your network. Viruses, Trojans and worms can piggyback on the remote connection and gain access to the network. It is important that users with remote access have antivirus software installed on their devices and that your remote access system verifies antivirus protection exists before allowing connectivity to your network.

Finally, make sure remote access privileges are monitored and disabled when they are no longer needed. In other words, don’t let a former employee retain access. Too many times, disgruntled former employees wreak havoc on networks because management and administrators delay revoking access to corporate resources.

Verizon’s 2012 Data Breach Investigations Report indicates that remote access services were involved in 88% of all hacking breaches in 2011, and that of all the reported incidents involving malware in 2011, compromised remote access resulted in infections 95% of the time. So if you are thinking about making remote access an important part of your business, and you transmit sensitive information, it may be worthwhile to contact your EarthLink representative today to learn more about our managed Secure Remote Access service.


IT Security – Should it Be Outsourced?

IT security is often a confusing area for small and medium businesses because, typically, only large companies can afford to deploy their own comprehensive security teams, armed with the knowledge and tools necessary to protect information assets against ongoing attacks or compromise. Smaller and mid-size firms just don’t have the capital or resources to commit to a top-notch security team, which is why many are starting to consider outsourcing. Here are the 3 things to think about when considering outsourcing your IT security needs…

Security experts at your fingertips

If your company cannot endure the cost of deploying your own security team, why not hire one? For the overhead cost of employing a single, well-rounded security veteran you can outsource at the same cost or less, and have an entire team of experts at the helm. In today’s job market, good IT security experts are expensive and hard to find. Security firms hire experts that have worked in multiple industries and can reach out to other team members to deliver your security needs. Think of it as employing an entire army of security professionals that are already trained and educated in your industry, all for the overhead cost of one.

Focus on driving your business needs

Outsourcing IT security can help companies stay focused on driving their business. Keep building and expanding your business by concentrating on your core products and let the experts help maintain and manage information security. If your company makes furniture, make furniture and let someone else manage IT security.

Buy what you need and only what you need

With outsourcing you only pay for what you need. It’s like buying cable television. If you don’t watch the movie channels, then why pay for them? If all you need is someone to manage your firewall and to keep the bad guys out, then why hire an expensive security expert or rely on other internal resources that “know enough about IT security to be dangerous”? Pay for a monthly service and be confident that you are receiving only the services you need. For smaller firms, this approach will allow you to scale IT security needs with your business. IT security outsourcing reduces operating expenses by eliminating the need to train security staff and the need to purchase and update dedicated equipment.

When deciding what security functions to outsource, consider any security service a managed IT security firm can provide better, and at a lower cost, than you can deliver internally. EarthLink offers a suite of managed security services; contact your EarthLink representative to learn more.