PCI Compliance: What Is It, And Why Do I Need to Do It?

How Does PCI Compliance Work, And How Does It Benefit Me?

What Happens If A Business Doesn't Comply?

Protecting Yourself from Cyber-Thieves

Throughout January and February, we talked about the cyber-security breach at Target, and, by extension, the ways to protect yourself (and your clients) from credit card fraud and identity theft. Today, we'll recap these tips and invite you to contact us if you have any questions or concerns regarding cyber-security. In the end, protecting yourself from cyber-attack is about keeping your Personally Identifiable Information (PII) safe, staying vigilant, and acting fast if something should happen.

Keeping Your PII Safe

Most of these are common sense, but others might not be so obvious. The key is vigilance—keep an eye on where and how you use your PII.

• Don't let your credit/debit card out of your sight, and don't use an easy-to-guess PIN.
• Check your credit card statements on a monthly basis, and look for "test charges" (i.e., little 6, 10, 12, 15 cent, etc. charges that thieves make to see if you are paying attention).
• Keep your PII off of social media!

Keeping Your Customers' PII Safe

This is just as important as keeping your own information safe, but with the added complexity of you being liable if anything happens.

• Have Data-Breach insurance
• Cut down on paper copies and the number of people who have access to customers' PII.
• Train your employees on how to handle sensitive documents, and shred, shred, shred!

What to Do If You Think You May Have Been Victimized

It's not fun to think about, but let's say that despite everyone's best efforts, the worst has happened. Here are some critical steps to take:

• If you think your credit or debit card has been stolen, call your credit card company or bank right away, and ask for a new card and a new PIN.
• Ditto if you paid via credit/debit card at Target between November 27 – December 15.
• BE CAREFUL if you've used your credit card to pay online at any of these sites in the past 12 months: Facebook, Adobe, Gmail, Google+, YouTube, Yahoo, Twitter, Odnoklassniki, ADP, or LinkedIn.

If you have questions or concerns about the security of your computer or network or if you want to know more about how to keep your customers' information safe, please contact us!

You can reach us by phone: 847-848-7776
by email: info@tgconsultantsinc.com
by website: www.tgconsultantsinc.com

Fulfilling Your Obligation to Protect Your Clients

Target has taken a lot of heat lately about the information security breach, but unfortunately, their situation is hardly unique. We know protecting your clients information is a high priority, even if you aren't a giant mega-corporation like Target. So, here is a handy checklist to make sure no one "Targets" you.

1. Create a policy for holding and storing Personally Identifiable Information (PII), and ensure it is accurate, relevant, timely, and complete.
2. Instruct your employees to not leave their desks or countertops with documents that contain PII in plain sight. Also, make sure that you keep such documents flipped over when you aren't working on them at the moment so that passer-bys can't sneak a peek.
3. Reduce the amount of PII information to the minimum necessary for proper performance of agency functions. Collecting email addresses is great for marketing purposes, but if you don't do email marketing, don't keep that info around because it could be a liability.
4. Provide training for all employees or contractors who handle or have access to PII documents.
5. Control access to the amount of people who have access to PII documents. If too many people have access, it becomes easy to forget who should have access and who shouldn't.
6. Any devices that are easy to steal—such as laptops, cellphones, flash drives, and tablets—should be limited or restricted from being used to store PII.
7. Ensure that PII information that is transmitted electronically is done so using secured technologies.
8. Develop a schedule for periodic review of policies for PII and how it is stored.
9. Develop an incident response plan in case of a PII breach.
10. Eliminate the unnecessary collection and use of Social Security Numbers (SSNs).
11. Develop a shredding policy and procedure to eliminate the unnecessary storage of paper containing PII.

Here are some additional articles to explore related to securing PII:

http://money.cnn.com/2013/12/04/technology/security/passwords-stolen/index.html
http://money.cnn.com/2014/01/10/news/companies/target-hacking/
http://en.wikipedia.org/wiki/Personally_identifiable_information

This post is part of the T.G. Consultants January/February series on cyber-security. If you have questions or concerns about the security of your computer or network, if you want to know more about how to keep your customers' information safe, feel free to contact us!

You can reach us by phone: 847-848-7776
by email: info@tgconsultantsinc.com
by website: www.tgconsultantsinc.com

It's Nothing Personal—Keeping Your Personal Identifiable Information Safe

In the Information Age, you can find just about anything, anywhere. Want new shoes? Go online and see who has the best sale. Want a new recipe? Online. Want to track down an old college friend, buy movie tickets, or find out how tall George Clooney is? Online!

It's so easy to find things online, that of course, there is a dark side to it. The ease of finding anything online has allowed identity thieves to run amok. What are they after? Money, of course, but to get it, they need your Personally Identifiable Information.

Personally Identifiable Information (PII) is any information about you that reveals your identity:

• Name
• Social Security Number
• Address
• Date and place of birth
• Mother's maiden name
• Medical, educational, financial, or employment records
• Biometrics (e.g., height, weight, or any other data about your bodily measurements)

Fact: 87% of the U.S. population can be uniquely identified by a combination of just their gender, date of birth, and ZIP code! That means if thieves have only those three bits of information, they have a pretty good chance of successfully ripping you off.

Fortunately, there is quite a bit you can do to protect yourself and your PII.

1. Don't post it online! Don't give out your name, address, email address or phone number over the internet, whether posting to social media sites or by messaging people. Much to the chagrin of many celebrities, what goes online, stays online.
2. Keep an eye on it. Limit the amount of time that your credit card is out of your line of sight, such as when you hand your credit card to a restaurant server or at a drive-thru. Better yet, use cash.
3. Review your credit card statement monthly. As I've mentioned in previous articles, crooks are getting smarter about their knavery by starting small. Of course, watch for big purchases that you know you didn't make, but also look for little charges, such as 6, 10, 12, or 15 cents. These charges are called "test charges", and thieves use these to check whether you are paying attention.
4. Divide and Conquer. Don’t write your PIN on the back of your debit card, and don't keep your PIN written on a piece of paper in your wallet or purse where you keep your card. Keep them separate.
5. Address the issue. DON'T make your PIN your home address number—it's the first thing thieves will try when guessing your PIN!! Don't use your birthday, either.

This post is part of the T.G. Consultants January/February series on cyber-security. If you have questions or concerns about the security of your computer or network, if you want to know more about how to keep your customers' information safe, feel free to contact us.

You can reach us by phone: 847-848-7776
by email: info@tgconsultantsinc.com
by website: www.tgconsultantsinc.com

110 Million Customers--and Counting: Were You a Target at Target?

T.G. Consultants would like to give out a public service announcement regarding the cyber- security breach at Target: The damage is much worse than people originally thought.

110 million customers were affected. To put in perspective, that's equivalent of roughly one- third of the population of the United States.

After you read this article, please forward it to your family and friends.

At this time, the affected customers had information such as their name, address, phone number, and e-mail address hacked in the breach. This is a serious threat because hackers can do a lot of damage with access to this information.

A Target spokesperson said the personal data stolen could affect its past shoppers, not just those who have visited the store recently. Security experts suggest that customers who used debit or credit cards at Target between Nov. 27 and Dec. 15 should contact their card issuer and get a new card with a new account number.

This is a growing trend. Below is a list of other companies that have been hacked in the past 12 months. If you used your credit or debit card on any of the listed sites, you should take precautions.

• 318,000 Facebook
• 300,000 Adobe
• 70,000 Gmail, Google+ and YouTube accounts
• 60,000 Yahoo
• 22,000 Twitter
• 9,000 Odnoklassniki accounts - a Russian social network
• 8,000 ADP
• 8,000 LinkedIn

What you need to do NOW as a result of the Target breach:

1. Call you credit or debit card company and request a new card and a new pin.
2. Sign up for the credit watch that is offered by Target, at their expense.

T.G. Consultants is a one-stop-shop IT consulting company that services all of your IT needs, including security, networking, web design, and more. We value your safety and the safety of your customers. If you suspect your system has been hacked, or if you have questions regarding the security of your own computer or network, please contact us.

You can reach us by phone: 847-848-7776 by email: info@tgconsultantsinc.com
by website: www.tgconsultantsinc.com