Importance of Partnering with a Company Who is PCI Compliant

by Jeanna Courter on April 2, 2015

Written by: Scott Koller, Infrastructure Support Manager

In the wake of the thefts from Target, Home Depot, Sony and Blue Cross Blue Shield, IT security has come to the forefront in the news. Modern business networks have become more complex at every company, and the knowledge and software required to stay current are not cheap. Many companies come to the realization that being secure would often cost more than it’s worth. Even a small company could easily spend a million dollars or more on security software and appliances but still have giant gaping security holes.

So how is your company expected to secure your data and your network from hackers to make it 100% bulletproof? The truth is YOU CAN’T! If your systems are connected to the Internet, you are vulnerable. You can have your network 100% up to date with security patches and threat management appliances and software but still be vulnerable. In layman’s terms, if there’s a way to get to the web, there’s a way for others on the web to get to you or your customer data. So how do you protect yourself and your company?

The truth about IT security is that the goal is to make networks as impenetrable as possible by closing known vulnerabilities and making access to vital systems and information as difficult as possible. This is accomplished through software patching, firewalls, threat management, security monitoring, strong passwords, security procedures, log analysis, network segmentation and strong encryption. Follow this up with audits of all of these and you have just made yourself a very difficult target in a sea of mostly easy targets. But your company also just spent a large amount of time, money and resources to achieve it.

This is where PCI Compliance and choosing a reputable vendor come in. PCI DSS 3.0 requires all of these security avenues to be in place, and compliance is verified annually. PCI compliant companies are required to perform monthly audits of access to systems, keep antivirus up to date, run threat management scanning, conduct monthly vulnerability testing from the inside and outside of the company network, undergo professional penetration tests, log all communication, encrypt their systems and complete a large number of other tasks. The costs associated with initial certification and ongoing maintenance do not make fiscal sense for most companies. In most scenarios the smart choice is to find a vendor who is PCI compliant that can also act as a business partner.

PBD Worldwide is proud to have obtained the highest level of PCI certification possible to validate and improve our ability to protect customer data.