PCI Vulnerability Scans – As part of our Managed IT Support Services and Maintenance Contracts, we are now carrying out regular external vulnerability scanning (PCI Vulnerability Scans). Helping us to ensure that our clients internet connections are secure.

Involving a server outside of your network. Running PCI Vulnerability Scans on your internet connection. Looking for any known vulnerabilities and issues. Ensuring that these scans meet a formal level. Striving to ensure that clients meet the PCI standard.

How will this effect credit card payments to the business?

Payment Card Industry Data Security Standard (PCI DSS) is a mandatory annual assessment and set of requirements. Introduced by 5 members of the PCI Security Standards Council; Visa, MasterCard, American Express, Discover and JCB. Enforced by all merchant acquirers protecting businesses.  PCI Vulnerability Scans can also protect customers against credit card fraud.

If your business takes credit card payments, being compliant is not just an insurance policy. Providing you with important financial protection. If credit card fraud was to occur in your business. It’s an important a necessity (you may have already been contacted by your bank). Achieving an excellent standard even if you don’t take payments. Enabling you to feel confident about the security of your network.

Why have we started doing this?

We have been running scans for about a year. In the light of the EU change in data protection laws that came into place on May 25th 2018 (GDPR). We now made the decision to scan with a recognised PCI partner. Striving to ensure that clients meet an industry standard.

What do we recommend?

We encourage clients to make additional security steps. Following as many of the below guidelines as practical, including:

•  Computer Virus Protection – Anti-Virus & Malware software is up to date on an hourly basis.
• Monitoring live Anti-Virus issues and talk to users about usage patterns. An example would be if we get an alert about a specific site being blocked.
• Windows is up to date on a regular basis every quarter.
• Users only have user rights on the network. If users have the correct security access then the majority of virus’ won’t even run!
• Windows UAC is in place – If a virus does try to run UAC will prompt the user to confirm if that is right.
• Users only have access to data that they require. In order to limit damage if there is an infection.
• An Email and Internet usage policy is in place. Users are then clear that the internet, email should only be used for business purposes.
• Restrictions on internet usage – so that many sites (including social media) are blocked. Reducing the chance of infection from a website. Blocking many virus’ that are started from within an email.
• Disabling USB and CDROM access.
• Encrypted drives for mobile devices, including smart phones, tablets and laptops.
• Restricting access to company data to only company owned devices. Ensuring secure connections and reducing access by insecure devices; home machines and personal devices.
• Blocking all emails that contain Macros – many virus’ are actually started from a simple Macro. By default we block all emails containing Macros as they are rarely required.
• Separating the Wi-Fi – so that this doesn’t give access to the internal network.

What we offer as part of the above

• FREE quarterly PCI scans – ensuring that the network is safe from outside attack. PCI compliance is a requirement from many banks and insurance companies.
• FREE training – for all staff highlighting what to look out for.

What are we offering to help make it easier?

We are also encouraging clients to work with us. Meaning they can achieve the Governments Cyber Security Certification.

If you have any queries regarding any of the points covered, please do not hesitate to give the office a call on 01227 371375.