The Thurston, Pierce, Lewis, and Mason Counties IT Experts

Breaking Down the Numbers

According to the 2020 Black Hat Attendee Survey, these professionals were significantly concerned with potential cyberthreats and infrastructure beaches as the ongoing health crisis continues. Significantly concerned, as in 94 percent of respondents seeing COVID-19 increasing the threats to enterprise systems and their data, 24 percent seeing this threat as “critical” and “imminent.”

A lot of these respondents were concerned with the idea of vulnerabilities in their remote access systems, with 57 percent of them responding in the affirmative. 51 percent were concerned about possible social engineering and phishing attacks.

Adding to the concern, a full 90 percent of these cybersecurity professionals predict that there will be an attack on the critical infrastructure of the United States within the next two years, rising from the 2019 prediction stat of 77 percent and the 2018 stat of 69 percent. In 2019, 21 percent of these professionals thought that there were sufficient preparations in place for government and private industry to handle these attacks. Comparatively, only 16 percent feel the same this year.

Clearly, this does not bode well for businesses, and the current COVID-19 crisis only adds another level of difficulty to their operations. After all, many business owners may disregard one issue in the face of an admittedly much more visible one. Furthermore, with so many now operating remotely, there is the added insecurity that often comes with untrained remote operations.

For instance, many common security concerns are associated with the tools meant to secure precisely this kind of operativity, such as:

• Passwords were only rated as 25 percent effective
• Antivirus tools were rated as 31 percent effective
• Cloud security providers and cloud security tools received less-than-stellar ratings—41 and 46 percent saw them as ineffective.

What’s worse, 70 percent of these cybersecurity experts foresee a major security breach within their own organization within a year, with 59 percent citing insufficient security staffing and 56 percent citing insufficient budgetary resources to protect their operations.

Perhaps most discouraging is the idea that 53 percent of surveyed cybersecurity professionals stated that they felt serious burnout setting in. Considering that 2019’s stats placed this number at 40 percent, this jump is certainly severe.

What Can Be Done?

Based on the results of this survey, it’s clear that there needs to be a paradigm shift within businesses. Not only should cybersecurity be taken more seriously as these businesses go about distributing their available budgets, there also needs to be a greater awareness of the importance of cybersecurity on every level. Take, for instance, the importance of cybersecurity measures and how half of today’s available tools had such poor efficacy ratings. When passwords were only rated as effective by 25 percent, but multifactor authentication (84 percent), encryption (74 percent), and endpoint security (63 percent) saw much higher efficacy ratings, it seems pretty clear that the overall technology strategy that many businesses utilize needs to shift in the near future.

PC Technologies can help in this regard, as our team can assist your business in implementing and utilizing these improved cybersecurity measures—even now. To learn more about how you can protect your business from cybercrime through strategic technology and improved user training, reach out to us at 360-491-2227.

Understanding PCI Compliance

The credit card companies listed above make up what is called the PCI Security Standards Council. They have created a mandate that any business who wants to accept payment cards needs to adhere to. That means every business. So from the largest multinational corporation to the smallest street vendor, if that company needs to accept payment by credit, debit, or affiliated gift cards, they need to be PCI compliant.

This means that any business that stores information or processes payment using digital payment cards would have to maintain PCI compliance. Here are 10 actions those business need to take to meet compliance regulations:

1. Change passwords from system default
2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
3. Encrypt transmission of card data across public networks
4. Restrict the transmission of card and cardholder data to “need to know” basis
5. Assign user ID to all users with server or database access
6. Make efforts to protect physical and digital access to card and cardholder data
7. Monitor and maintain system security
8. Test system security regularly
9. Create written policies and procedures that address the importance of securing cardholder data
10. Train your staff on best practices of accepting payment cards

Fortunately, many businesses already do these things to keep the data they store safe. Companies that don’t will likely be in breach of the regulation, and therefore, face the ire of PCI regulators. 

PCI and Business Size

According to PCI regulators, the size of your business is in direct proportion to the amount of risk you take on. That’s why PCI Security Council mandates break businesses into four different merchant levels. They are:

• Merchant Level #1 - A business that processes over six million payment card transactions per year.
• Merchant Level #2 - A business that processes between one million-to-six million payment card transactions per year.
• Merchant Level #3 - A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
• Merchant Level #4 - A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Let’s take a look at the responsibilities businesses in each merchant level have to stay PCI compliant:

Merchant Level #1
Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

• Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
• Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2
As transactions begin to decrease there are less stringent standards. Level two’s include:

• Perform a yearly Self-Assessment Questionnaire (SAQ)
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3
Many medium-sized businesses will fall under this level and need to:

• Perform a SAQ
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4
The majority of small business fall into level #4 status and like levels two and three need to:

• Perform a SAQ
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council record

Data privacy is more important now than ever, and the payment card industry does a wonderful job policing their own. Companies found not to be in compliance with PCI DSS requirements face severe financial penalties, higher levels of scrutiny, and even the revocation of card processing privileges. 

If you would like to know more about PCI DSS compliance or any other regulation that concerns your information technology, call PC Technologies today at 360-491-2227. 

Understanding the Threats to Your Printer

There are a surprising number of ways that an unsecured printer can be compromised. Once something is printed, just about anyone could stroll on by and retrieve the paper. Print jobs could also be routed to other printers or manipulated, again breaking the chain of custody of the produced documents and potentially dispersing fraudulent data.

Data stored on the printer itself can also be harvested, and attackers have been known to use printers to infiltrate or directly attack a network system. Printing over Wi-Fi introduces similar security issues as well. However, printers still play an important role in most offices and other businesses today… So how can these threats be overcome?

By following some simple best practices, you may find that these security challenges aren’t quite so challenging to address.

Practices for Printer Protection

If you want to make sure that your own printing infrastructure is secure, you need to follow a few best practices:

• Keep your printers updated: Software updates are commonly released to help resolve potential security issues that may be within your technology solutions. In order to take advantage of these improvements, you have to actively apply these updates to the solutions you rely on.
• Implement access controls: Just as is necessary with anything that is connected to your network, your printing infrastructure needs to require some validation before someone can use it. Requiring access credentials that meet security recommendations is a good starting point.
• Require MFA: To further secure your printing infrastructure, you should also supplement your access controls with multi-factor authentication requirements.
• Disable unused services: The more services that you have active on your network (including those on your printing devices), the more access points there are for an attacker to take advantage of.

PC Technologies can help you see to your cybersecurity on every level, including protections for specific pieces of infrastructure like your printers. To learn more about the solutions you need to maintain comprehensive cybersecurity standards, reach out to PC Technologies at 360-491-2227.