CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network


10 Tips for Better Security That Doesn't Cost a Thing

When it comes to cyber security, business owners and employees often think about firewalls, anti-virus, and passwords. These are all critical elements of your organization's cyber security, but there are plenty of simple and cost-free ways to keep your private data under lock and key.

1. Use a lock and key. Really, keep that server room door locked to prevent suspicious "IT maintenance" guys from getting access to the goods.

2. Log off your computer when you won't be using it. Even better, turn it off. You'll be more secure and also use less electricity, lowering your carbon footprint. Green is good.

3. Limit Internet access. Many jobs require at least some use of the Internet, but most employees don't require unfettered access. Set up rules and stick with them.

4. Delete cookies daily. Make it the last thing you do before you go home.

5. Consider banning thumb drives from your office. They're notorious for spreading malware from computer to computer.

6. If you are ever suspicious that a web page might not be safe, check it out with the Google Safe Browsing tool at http://www.google.com/safebrowsing/diagnostic?site=mysite.com (Just plug in the domain name of the site in question after the equal sign).

7. Be wary of strangers bearing comments. Got a blog or a social networking presence? We all like comments, but sometimes bad stuff gets past your spam filter. Don't just automatically approve any nice comment that makes it through.

8. Don't help tailgaters. When going through a secure access area in your building, don't let others follow behind. Data thieves don't necessarily need access to the server room if a networked computer is available somewhere else.

9. Never lend out your mobile device or laptop to anyone. Nobody ever lends their device to a scary stranger, yet bad things keep happening before these devices are returned (if they get returned). Don't become a statistic.

10. Insist that your colleagues, partners, suppliers and anyone else with whom you do business be cognizant of security as well. If they get compromised, chances are that you could be, too.

In the next issue of Cyber Security Informer, we’ll be continuing to profile organizations that are helping make the world a more secure place. If your organization is doing its part to build a more secure future by protecting partners, customers, website visitors and application users from cyber crime, contact us today at info@pcis.com

Webinar on June 24: PCI DSS and the Basics of Data Security Compliance

In this Case for Security webinar, PCIS aims to help business owners and executives understand their compliance requirements so they can maintain business continuity through better protection.

To register for this free webinar, follow these simple steps.

1. Go to http://boonbox.webex.com/meet/boonbox
2. Click "Show All Meetings".
3. Click the "Register" link on the right in the Status column for "Case for Security Webinar: PCI DSS and the Basics of Data Security Compliance" and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

Date & Time: Wednesday June 24, from 8:30-8:45 am Pacific Time

More event information for the PCI DSS and the Basics of Data Security Compliance Webinar

June 16, 2009

Check out Cyber Security Informer Back Issues

Cyber Security Informer is distributed by:

Pacific Coast Information Systems Ltd. (IT Consulting)

Boonbox, a division of PCIS (Security Packaged Services)


Contact PCIS

Toll-free 1.877.744.7558


In this issue:

* 10 Tips for Better Security That Doesn't Cost a Thing

* Webinar on June 24: PCI DSS and the Basics of Data Security Compliance

* Hacker Bait 

* Ask A Security Expert

Cyber Security Informer provides security news and tips to help organizations protect their business and their customers. 



Hacker Bait

The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit. 

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days



Ask A Security Expert

"Who has to be compliant with Payment Card Industry Data Security Standard regulations?"

Organizations that accept payment for goods or services from cards branded by Visa, MasterCard, American Express, JCB and Discover all have to be compliant with PCI DSS. Since these are the most common brands of credit cards, in practice this means any organization that accepts credit card payments, period, needs to be compliant. Note that Canadian debit cards are not in scope for PCI compliance, but American debit cards do fall under these regulations.

Service providers that are directly involved in the processing, storage or transmission of cardholder data are also responsible for PCI DSS compliance.

As noted before in Ask A Security Expert (What is PCI DSS and How Does This Affect Me?), PCI compliance means cardholder data should not be stored unless absolutely necessary. Sensitive authentication data such as that contained on a card's magnetic stripe should not be stored at all. Payment card data should not be stored on any payment card terminals, or unprotected PCs, laptops or smart phones. Server rooms need to be locked and fully secured. These are just a few examples of compliance rules companies must be aware of.

PCIS has helped organizations improve their PCI DSS compliance. If you would like more information about how we can help, contact us.

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558