WatchGuard, provider of quality firewall and security products for small, medium and enterprise business, made a “Social Media Release” today that outlines a list of PCI Pitfalls for Retailers.
It is quoted below in its entirety but can be found here.
I’ll be posting about the new WatchGuard XTM 33, which is designed for Small/Medium businesses and may be ideal for retailers!
Should you wish to purchase a WatchGuard product, receive more information or support, please call us at 864.990.4748 or email info@homelandsecureit.com… We are a WatchGuard partner!
—
Social Media Release:
WatchGuard Lists PCI Pitfalls for Retailers
NEW YORK (January 16, 2012) – WatchGuard Technologies
Highlights / News Facts:
Businesses that process, transmit or store cardholder data must implement security controls as defined by the latest PCI DSS standard. The following are the nine common PCI DSS compliance pitfalls that many retailers fall into and tips to avoid them.
- 1) Faulty firewall installation or configuration
Many DIY (do it yourself) projects are easy; properly configuring a firewall is not one of them. According to WatchGuard research, a majority of small business security breaches are the result of improperly configured firewalls. Best practice: Use security certified technicians or trained resellers to ensure firewall configurations are proper and up to date; regularly audit firewall configurations as people and IT resources constantly change.
- 2) Relying on vendor supplied defaults for system passwords
Not only is it critical to change vendor supplied default passwords, be sure to use something other than “password” as a password. According to a recently published research report, the most common passwords are: 1) password, 2) 123456, 3) 12345678, 4) qwerty, 5) abc123, 6) monkey, 7) 1234567, 8) letmein, 9) trustno1, and 10) dragon. Best practice: Change vendor settings and utilize strong passwords.
- 3) Failing to utilize IPS to protect stored cardholder data
There are multiple ways to help protect stored cardholder data. One key technology that is often overlooked is IPS (intrusion prevention systems). IPS is to hackers as anti-virus is to viruses. IPS keeps hackers out and helps cardholder data stay safe. Best practice: Make sure intrusion prevention systems (IPS) are up and running.
- 4) Not encrypting transmission of cardholder data across open, public networks
Encryption is a key component to PCI DSS compliance. A common problem occurs in the transmission of credit card data, which is often done in unencrypted email. Best practice: Use encryption everywhere, and especially in email systems where any type of sensitive information may be transmitted.
- 5) Failing to use and regularly update anti-virus software or programs
Unlike desktop/endpoint anti-virus (AV), gateway anti-virus stops threats right at the entry point of a network. Using gateway AV adds an additional layer of defense at the primary point of attack, and because it functions at the gateway, users see no degradation of performance on their local computer. Best practice: Use gateway AV in addition to endpoint AV for maximum defense in depth.
- 6) Not maintaining secure systems and applications
Many businesses do a good job at maintaining secure systems, however what is often overlooked in today’s social media business world is application security. Most firewalls are incapable of distinguishing a web application from a website. Because of this, crafty cyber-crooks create web applications as a way to sneak past the firewall and steal cardholder data. Best practice: To gain control over web applications, businesses utilize the latest generation of UTMs and firewalls that include application control.
- 7) Providing access to cardholder data to those who do not need to know
About 80 percent of security violations happen from within an organization. In order to reduce that figure, businesses should use the “least privilege rule,” which parallels the same concept of “need to know.” Users should be granted the minimum necessary permissions and privileges that are required for them to accomplish their jobs. When employees have access to data that they should not, bad things often result. Best practice: Use RBAC (role based access controls), separation of duties and other forms of “least privilege” to make sure data is restricted to those who absolutely must have access to it.
- 8) Forgetting to track and monitor all access to network resources and cardholder data
Unfortunately, many businesses take a “fire and forget” approach to network security; once the firewall is set, they forget to check the reports. Many security breaches can be mitigated early on simply by checking reports and logs on a regular basis. Best practice: Establish a routine of checking logs and reports to spot trouble before it blossoms into headline security news.
- 9) Not having an information security policy
In order to meet PCI compliance, businesses must create an information security policy that is up to date, and that addresses the security requirements as proscribed by PCI DSS. This should also include operational security, system usage, security management and other related policies. Best practice: Get IT, HR and other business stakeholders to regularly review information security policies.
Keywords:
PCI DSS, Network Security, Firewall, Cardholder Data, Passwords, Encryption, IPS, Anti-Virus, Application Control, Next-Generation UTM, Policy
Quote:
- “The PCI DSS standard is a model that many businesses – even non-retailers can look to in order to maintain best security practices,” said Eric Aarrestad, Vice President at WatchGuard Technologies. “The devil is in the details when it comes to security. Hopefully, this quick list helps remind business owners and IT management that little things can make a big difference in preventing data loss.”
We love to give things away! From Cisco Flip cameras to X-Box 360 game consoles and everything in between…
Our November giveaway was a copy of Trend Micro Titanium Internet Security 2012 and the randomizer picked Ryan Montgomery…
You may know Ryan from Twitter as @MontyPhotoArt, but if you don’t know him at all, you should take a moment to look at his work, he’s one heck of a photographer! Here’s his Facebook page: https://www.facebook.com/RyanMontgomeryPhotos
If you didn’t win this time, there will be plenty of other free stuff! The more you connect with us, the more “entries” you get to our little games.
Actually, everyone is a winner. We’re discounting Trend Micro Internet Security 2012 from the normal retail of 49.99 to only 30.00 because we want everyone to be protected!!!! If you want this awesome anti-virus for your computers because you will only settle for the best, then come on down and pick up your copy. I doubt we will be able to offer this rate much longer though, so hurry! When our vendor realizes they have been charging too little and raise their rates back up, we will have to follow suit. We have about 50 copies in stock currently.
This deal is only good at our 104 Mauldin Rd, STE E, Greenville, SC office. At this price we can’t ship it to you…
Need anti-virus for your business? Trend Micro and Homeland can help you out as we offer protection for one computer or a thousand, including servers, Microsoft Exchange mail servers and more! 864.990.4748 or info@homelandsecureit.com for more information.
We believe Trend Micro’s Titanium Internet Security 2012 is the best anti-virus, anti-spyware & anti-spam package at any price, however one lucky person is going to get it from us at absolutely no cost this month!
Titanium Internet Security 2012 includes everything you would expect in an anti-virus package with a few extras…
- Blocks email and image spam
- Blocks and finds malicious links in emails and IMs
- Blocks downloads and access to malicious websites
- Fake AV cleaner – eliminates malware posing as antivirus software
- Protects from viruses, spyware, worms, trojans, botnets and rootkits
- Utilizes the Trend Micro Smart Protection Network to proactively stop threats before they reach you
- Prevents unauthorized changes to your applications
- Skinable interface (allows customizing Trend with a favorite photo or image)
- Windows Firewall Booster
- Protect your children – restrict internet content and set access schedule for your kids with Parental Controls
- Maximize your PC’s performance – System Tuner improves PC performance by cleaning up browser history, cookies, temporary files, registries and more
- Protect and defend your data from loss and theft with Data Theft Prevention to keep information like credit card numbers and passwords safe
- Secure Erase – shreds computer files with sensitive information to keep it from being easily recovered
- Includes SafeSync – secure online backup with sync, sharing and mobile access (2 GB cloud backup)
- Includes a copy of Trend Micro Smart Surfing for Mac
So how can you score such great anti-virus for yourself or your business? Homeland Secure IT is a partner with Trend Micro and recommends this product as well as sells it and installs it. The suggested retail price is only 49.99 for the first year, with renewals generally costing less. You can call us at 864.990.4748 or email info@homelandsecureit.com for more information.
However, since this is the Thanksgiving season, and we want to give you our thanks for supporting us this year, we are going to give away one copy of this software, and maybe a couple copies if the interest is high enough.
We will draw on December 1st and announce the winner on our blog, Twitter, Facebook and Linked In.
You enter by subscribing to our mailing lists HERE, subscribing to this blog, LIKING us or linking us on Facebook, mentioning us on Twitter, giving us a Google Review, or otherwise connecting with us.
Here’s a list of how you can connect with us!
For every way you reach out to us, we count that as an entry. So if you join our mailing list, leave a review on Google, post a link on Twitter and like us on Facebook, that is FOUR entries! If you have already connected because you love us, or because you wanted to win something like the X-Box we gave away, don’t worry, you are STILL in our list and need do nothing.
The winner who is selected must be able to come pick up the item at our office in Greenville, SC. We will not ship it to you. If you do not want it, or you do not claim it within 7 days, we will pick another winner!
Good luck!
Seven must-have technologies for your small business
One conversation new or potential business owners may want to have with their IT professionals is about what technologies exist that can improve their life. Below you will find some that are must haves…
Smartphones: Whether it is an Android, iPhone or even a Windows based phone, you cannot survive without one. These devices provide instant communication with your clients through email, text message and phone, along with the ability to browse the web and select from tens of thousands of applications to assist in your business. Your clients will not wait for you to get to your office to respond to an email. Even a quick, “I’m driving, will respond as soon as it is safe” auto-response is better than no response. The cost of a typical phone can range from 100 to 300 dollars per phone depending on features and term of contract from the carrier of your choice.

Credit Card Processing: If you expect to get paid, then you need to accept every form of payment possible, including plastic. Yes, you will lose a little bit on the sale, but you will gain an instant payment. If you are just getting started, without purchasing a machine or paying a monthly charge, you can accept credit cards anywhere you have a cell signal using the Square credit card application with your smart phone and the free reader device that they provide to you. No per-swipe fee, and less than 3.0% charge. Fast, secure, and in your account the next business day. Find it in your phone’s marketplace.
Reliable & Fast Internet: There are a lot of choices these days for fast internet, from DSL to cable to fiber, and the old tried and true T1 standard, but some businesses may find that a wireless broadband internet plan may be enough for them. We recommend Charter Business in most situations, but that varies depending upon what is available at the business location. One advantage to using a cellular based broadband internet connection is that you can take it with you, which is great for businesses that are not tied to one specific location. Typical 4G plans will provide over 5 meg down and up to 2 meg up. Verizon Wireless offers the MiFi devices for around 50 dollars with 5GB plans for 50 dollars per month.
IP surveillance: Sure it sounds like the CIA, but IP security cameras at your business will decrease loss of inventory, increase productivity, and may provide an insurance savings. You can even keep tabs on your employees using a smartphone or any web browser to view these cameras. Recordings can be reviewed after events occur, and most systems can email you when there is movement in a particular location. Prices range from $150 for a single entry level camera into the $2000 range to cover an entire business. You can install yourself, or get an IT provider to handle this for you for the most professional results.
Email: This is a no-brainer, but many small businesses will cut corners here. A Hotmail account will work for sure, but who wants AcmeWidgetCo@hotmail.com on their business cards. At the very least, your business should use a service that allows for linking a domain to your mail, such as Google Apps (Gmail) or Microsoft Office 365. This gives you a professional appearance, and provides for important features such as linking of your smartphones, sharing of calendars between users and so much more. Microsoft Office 365 costs about 5 dollars per person per month and gives you up to 20GB of storage.
Anti-Virus & Security: Far too often this is overlooked, or taken for granted. A business that is vulnerable to viruses or malware is a business that could experience costly downtime and repairs, not to mention exposure to compliance violations and potential fines or legal issues depending upon the field you are in. The components of a secure network are as simple as a quality firewall like those offered from Cisco, WatchGuard or SonicWall, an anti-virus software package from Trend Micro or Symantec, and taking the time to apply updates to the Operating System (Windows, Mac, etc.) and support software (Microsoft Office, Adobe Reader, Adobe Flash, JAVA).
Backup: When disaster strikes, you need to be prepared for it. Having backups of your important files will ensure you are not out of business when a computer or server fails. Backup technology can be as simple as an external USB drive or remote backup solution, or on the other end of the spectrum, as complicated as auto-loader tape drives. One thing is for sure, ANY attempt to back up your data is better than none. For automated cloud backup solutions, consider Servosity or Mozy Pro.
Here at Homeland Secure IT, we utilize a vast array of technology and we also help many small and medium businesses and even home offices stay up to date. If we can help you with decisions regarding your Greenville or Upstate technology infrastructure, please call us at 864.990.4748 or email info@homelandsecureit.com. We offer sales, service, repair and consultation of everything from computers to VoIP.
What is your “must have” business technology? I would love to hear about it. VoIP phone systems? iPad, Android or Windows based tablet computers? A favorite app (We love TiKL & Waze)?
Homeland Secure IT Alert for Friday, September 30, 2011
An update to Microsoft Security Essentials (MSE) and Microsoft Forefront Endpoint Protection was causing grief for many users today as it incorrectly flagged the Google Chrome browser as malware.
The typical behavior was for an alert to be displayed stating that “PWS:Win32/Zbot” was found and that it needs to be removed. What is really removed is the Chrome.exe, so you are left without your favorite browser.
Attempts to reinstall Chrome fail with additional warnings.
Microsoft has stated that a faulty virus definition update was the cause, and by 10 AM Pacific time, an additional update was released to correct that behavior.
If this has happened to you, a manual update of the MSE or FEP should fix you up! Of course, you will still have to reinstall Google Chrome.
In what is becoming way too common, the popular site, mysql.com was exploited, and used to distribute malware by redirecting visitors to another site this week.
Anyone browsing to mysql.com yesterday would have been redirected without even being prompted, and then likely been exploited themselves by the software running on the rogue website, which apparently looked for vulnerable browser plugins to use as an injection point.
Trend Micro’s smart web filtering may have caught this and stopped it, but one thing is for sure… Doing everything you can to protect yourself from this type of exploit is more important than ever.
You should always ensure you are running up-to-date and mainstream/quality anti-virus software (such as Trend Micro), and also keep your operating system (whether Microsoft Windows, Apple Mac OS X or even Linux), browser, and all support software such as Adobe Flash Player, Adobe Reader and JAVA, as well as Microsoft Office, fully updated!
Another thing you should consider is backups! With the cost of USB hard drives at an all time low, and online backup (like our Servosity offering) being affordable and easy to install and configure, there is no excuse to not have backups.
Should you need assistance in the Greenville / Upstate SC area determining what you or your business needs, please contact us at 864.990.4748 or email info@homelandsecureit.com. We provide sales of Trend Micro, Symantec & McAfee anti-virus protection, virus cleanup & removal, and can handle your computer service & computer repair tasks!
This may come as no surprise to those who have been around computer security for a while, but the BIOS viruses are making a comeback!
One of the first made its debut back in 1999 and was known as “CIH”. But Symantec is reporting a new killer on the block called “Trojan.Mebromi” that affects the Award BIOS and seizes control of a system even before you get to the MBR (Master Boot Record).
Expect this trend to continue….
Read more about it here:
http://www.symantec.com/connect/blogs/bios-threat-showing-again
As always, please ensure your systems are using the latest anti-virus (We suggest and sell Trend Micro products such as the amazing Trend Micro Worry Free Business Security), that all updates are applied to your Microsoft Windows operating systems, and that all applications and support programs, from Microsoft Office to Adobe Reader, Flash and JAVA, are at the latest patch levels. Obtain a quality firewall, and use common sense! And don’t forget to BACKUP!
If you suspect your system may be infected, or want to know how to better protect your computer or an entire business full of computers and servers, please call us at 864.990.4748 or email info@homelandsecureit.com. We offer virus removal and cleanup in the Greenville / Upstate, SC area.
We provide sales, licensing, installation and support for Trend Micro and Symantec products. We can sell you one seat, or protect your business with 1000 users!

Trend Micro Titanium 2012
Trend Micro has unveiled their Titanium update for 2012!
Keep your identity, data and social network protected from a new generation of threats. Staying safe online these days is about more than just avoiding malware. You have to protect your device, your privacy, your personal data, your social network, and your family against an army of new threats. Given that abandoning the Internet completely isn’t really an option, how do you accomplish all these goals at once? The new Trend Micro Titanium 2012 is packed with powerful new and enhanced features to help you protect the many aspects of your digital life, and can do it in a way that’s fast, simple, and easy to manage.
Nobody wants security software that hogs disk space, presents constant pop-ups and alerts, or that’s complicated to install—so Titanium 2012 provides automated security with a small footprint that anyone can use. Titanium 2012 offers the strong, fast security that gave Titanium its name—but this new version includes powerful features and enhancements to keep you protected from the next generation of threats:
• New social networking protection
• New easy to customize console
• New fake AV cleaner
• New proactive botnet protection
• New proactive PE virus protection
• New method to detect packer-encrypted malware
• Enhanced virus and spyware detection and cleaning
• Enhanced behavioral monitoring
• Enhanced rootkit detection and removal
The new Titanium 2012 is still powered by the Trend Micro™ Smart Protection Network™ infrastructure, our cloud security infrastructure that stops threats in cyberspace or “the cloud.” Smart Protection Network monitors the Internet 24/7, worldwide. It gathers and analyzes threat data, blocking viruses and other malware before they can reach your PC. And because processing is done in the cloud, Titanium 2012 uses less of your PC’s memory and disk space.
If you would like more information about Trend Micro’s Titanium 2012 Maximum Security product or any of the other Trend Micro products, from endpoint to server, from home to enterprise, please call us at 864.990.4748 or email info@homelandsecureit.com.
We specialize in providing Trend Micro licensing, sales, consultation, installation and support to Greenville / Upstate SC small, medium and enterprise business clients. We offer and recommend Trend Micro Worry-Free Business Security as the primary line of defense for small/medium businesses! From one computer to 1000!
I was asked by a client why we haven’t been giving away stuff… That’s a good question! I don’t know, we just got distracted with work or something.
If you remember from a while back, we gave away a Cisco Flip Mino HD camera that we won in a contest, and we also gave away a really cool wireless network security camera, some Trend Micro Titanium Anti-Virus product, and a few other little things here and there via silly contests with few rules.
So what should we give away and why?
The Flip was given away because you guys helped us win a contest, the network security camera was to introduce a product to you that we offer, and Trend was because we love their anti-virus product and want everyone to use it!
Stay tuned here, we will come up with something… Maybe an X-Box 360? (We won one of those ourselves!)
It will come as no surprise that anything newsworthy results in the creators of malware intensifying their efforts to spread their malicious code. The demise of Usama Bin Laden is no exception, as various attempts to entice people to follow links are being reported all over the place. I have seen 3 people I follow on social media who were posting malicious links already.
As always, if you see a link such as “See Bin Ladens last moments” on someone’s Facebook profile, don’t click it, it is likely not something you want.
Using a reliable and trusted anti-virus with web filtering capabilities, keeping your computer operating system up to date, as well as all supporting applications such as Java, Microsoft Office, Adobe products, etc is always a great idea. We recommend and offer Trend Micro for anti-virus for either your personal desktops or for your entire business network security! We also offer complete computer security, repair, support and sales in the Greenville & Upstate SC Area.
If you would like additional information, please contact us at 864.990.4748 or email info@homelandsecureit.com
While we are on the subject of Bin Laden, let me take a moment to thank our military and everyone involved in the events of the last 24hrs. I think we may all sleep a little better at night….




