• A Practical Guide to Merchant Cybersecurity

    Understanding how PCI DSS, Point-to-Point Encryption (P2PE), Next-Gen Firewalls, and Advanced Threat Protection work together to secure your business.

  • Imagine the Impact: POS Ransomware

    July 19, 2017
    Point-of-sale (POS) malware continues to make headlines and inflict damage on brand reputation and profit margins alike. Cybercriminals can widely impact most or even all locations by exploiting the POS system itself. It’s not much of a leap to go from POS malware stealing credit card data to POS ransomware holding a business hostage. The difference: typical credit card malware must successfully persist on the target’s network for months while it siphons off credit card data. A ransomware attack needs only minutes to execute its plan.

  • eBook: Healthcare Cybersecurity Plan

    March 10, 2017
    In 2016, we began encountering larger groups of cybercriminals carrying out coordinated attacks against corporations and even government institutions. Breaching a network is tough business, but defending one is even tougher. The rule of thumb is that an attacker only has to be right one time and a security specialist has to be right every time. It is for these very reasons that Netsurion recommends using every tool at your disposal to deflect these attacks and protect against these threats.

  • eBook: Cyber Security Basic Training

    November 1, 2016
    In this eBook, we will explore some of the basic ways that businesses of all sizes can keep their computer systems safer. While it is impossible to say that a system can never be breached, if you deploy some basic steps to help protect your system and your data, then you are far less likely to experience a breach.

  • Netsurion's Defense Against Backoff

    May 20, 2015
    A common complaint surrounding data security is that the steps required to maintain protection tend to interfere with efficiency, causing employees to blur the line or even outright circumvent the security measures, which can quickly lead to a breakdown in the overall protection of the network. This isn't to say that you have to compromise efficiency for security.

  • Approved Software Does Not Equate to PCI Compliance

    September 16, 2014
    There is a misconception concerning how to become PCI compliant. Frequently, we have heard, “My software is approved, so that should make me PCI compliant.” This is simply a fallacy. Anyone who draws this conclusion could be open to any number of vulnerabilities, which by themselves would negate the possibility of PCI compliance.

  • Boost Security to Thwart Malware and Hackers

    September 11, 2014
    Recent electronic intrusions at some of the most well-known retailers have caused business owners around the country to question whether or not they are susceptible to cybercriminals and malware, and what they can do to protect themselves. It is sometimes difficult for those charged with securing a point-of-sale (POS) system to know where they should focus their attention. While standards like the Payment Card Industry Data Security Standard (PCI DSS) have numerous requirements that, when followed, will have a positive impact on security, it can be overwhelming to start with such a large, multi-faceted approach.

  • Cloud Computing in a Restaurant Environment

    September 01, 2014
    Sometimes a new technology comes along which does not fit cleanly into the standard, making compliance an even greater challenge. Restaurant groups implementing Cloud Computing are challenged to strike a balance between meeting their performance objectives and complying with the PCI standard. This paper discusses Cloud Computing in detail and lists where Cloud Computing and PCI compliance are sometimes in conflict.

  • Five PCI Security Deficiencies of Retail Merchants and Restaurants

    The five major credit card brands (Visa, MasterCard, American Express, Discover, and JCB) joined forces in 2004 to create the Payment Card Industry Data Security Standard (PCI DSS). Its sole purpose is to assist merchants in building a security program that meets the requirements expected by the card brands. Since then, businesses have been scrambling to make their systems PCI compliant. Many have made great strides in making credit card transactions more secure; however, five common shortcomings often throw the PCI compliance efforts of brick-and-mortar restaurants and retailers off track. This paper will discuss those deficiencies and provide some general guidance to overcome them.

  • Control Your Security and PCI Compliance Will Follow

    From November 27 to December 15, Target Corporation was the victim of a cyber attack that successfully stole approximately 40 million credit cards and 70 million records of personal data from their computer systems. Through the use of insecure remote access and some insidious malware, hackers were able to penetrate the security of the company and steal data worth millions of dollars. Since then, this same method of intrusion, albeit on a smaller scale, has been repeated at numerous retail establishments throughout the country. The one factor that all of these recent thefts had in common was that they could have been prevented if the businesses involved had implemented some much-needed security.

  • Wireless POS Helps Make Your Business More Efficient

    Regarding wireless technology, the Payment Card Industry Data Security Standard (PCI DSS) requires that strong cryptography be used whenever credit card data is sent wirelessly. In addition, it requires a firewall that manages communication between the wireless network and the point-of-sale (POS). Specifically, non-POS (wireless) traffic should not be able to communicate with the part of the network where sensitive cardholder data resides. Other requirements pertain to physical security of the infrastructure, and to the policies and procedures associated with using and tracking the technology.