What to Know About PCI Data Storage Guidelines

At the core of the Payment Card Industry’s Data Security Standard, or PCI DSS, is to protect the sensitive credit card data that companies store for their records. As a global organization, the PCI Security Standards Council is concerned with the security of this data from a worldwide perspective and their standards impact organizations across the globe, such as financial institutions and software developers who are responsible for creating the payment processors.

The council’s mission is to create a set of standards and guidelines that businesses of all sizes could follow in order to keep stored credit card information and customer data secure. Businesses that need to accept credit card payments need to maintain PCI DSS compliance in order to keep this data safe. Here is an overview of some of the guidelines and how to adhere to them:

Follow Data Storage Guidelines

The main goal of the PCI DSS security standards is to regulate how businesses that have a legitimate need to collect credit card payments store and maintain this customer data. It is important for these businesses to know not only how to store the data but which information is able to be collected to remain compliant with the standards. For instances, entry devices and payment processors that these businesses use need to be approved by the PCI Security Standards Council. All the major credit card brands require PCI DSS compliance so it is important that businesses that accept payments such as American Express, Master Card, Visa, and Discover adhere to the guidelines, as well.

Know What isn’t Allowed

Besides knowing what the guidelines are for remaining PCI DSS compliant, it is also important to know what not to do. For example, businesses should be wary of storing sensitive data unless it is deemed absolutely necessary. It is also wrong to store sensitive PIN numbers or the three or four digit verification code that is located at the back of credit cards. These are safety features and making sure that this information isn’t stored offers another level of security. All printouts generated from PED terminals should be masked, and data should never be stored in devices such as smartphones and laptops that are considered insecure. PCI DSS guidelines require a certain level of security in order for the businesses to remain compliant. It is also important to limit the number of people who are able to access the sensitive data, and to also prevent those who aren’t authorized from getting at the information.

Confused as to how to remain compliant with the PCI DSS standards? For businesses that accept credit card information from their customers and clients, it is important that the PCI DSS standards are adhered to in order to keep sensitive data safe and secure. Please contact Roan Solutions for assistance on how to keep credit card data safe by maintaining PCI DSS compliance.

Posted in News

How to Maintain PCI-DSS Compliance

Credit cards

Keeping credit card data secure is a top concern for businesses of all sizes. Not only that, but credit card information isn’t the only thing that’s at stake – the sensitive customer data that is associated with the credit card information is also something that needs safeguarding. That’s exactly why the industry enacted the PCI-DSS regulations – to keep this sensitive information secure.

Businesses, however, often need clarity as to how to remain compliant with these standards. It isn’t a simple matter of visiting the issue of PCI-DSS compliance only once. It is important to make sure that the standards are maintained. Here’s a look at how businesses can secure this sensitive data by following the PCI-DSS regulations that have been set up by the industry:

Analyze Existing Systems

The first phase of staying current with PCI-DSS compliance standards is to assess the current system for vulnerabilities. Take inventory of all IT assets that involve data storage as well as credit card payment process methods. It’s also a good idea to identify all cardholder data that the company has stored as well as the systems that are used to store this data. The goal is to identify existing problems so that they can be addressed.

At this stage, it’s also a good idea to make sure that the firewalls, virus protection software, and servers are all up to date. Out of date equipment and software is much easier for hackers to crack. This is also the time to check if data encryption methods are up to the industry standards.

Address Vulnerabilities

Once the systems are fully analyzed and the vulnerabilities are identified, the next step is to take action. The first step is to assess what the current PCI-DSS standards are so that they can be enacted. The PCI-DSS Security Council is in place to analyze existing threats and make sure that they update their guidelines accordingly. As a result of that, compliance standards could change throughout the year. Knowing what these changes are can help businesses keep their data safe.

After becoming acquainted with the guidelines, IT departments are well poised to adhere to the guidelines while also addressing the existing security vulnerabilities. This includes installing new firewalls or updating existing ones, updating the anti-virus software, updating other software programs, and making sure that the company’s equipment is up to date. The process of keeping equipment and software current is something that should happen on a regular basis.

Many companies only assess their systems once a year to make sure they remain compliant with PCI-DSS standards. However, compliance is something that needs to be regularly maintained, and only checking once a year can leave sensitive information vulnerable. It is much better to continually check all systems to make sure they are all up to standard. However, businesses are often unsure of how to proceed. Roan Solutions can assist businesses maintain their PCI-DSS compliance standards.

Posted in News

Businesses Should Update Their Cyber Security Strategies for 2017

businesses-should-update-their-cyber-security-strategies-for-20178Once a company’s initial cyber security plan is set up, many of them believe that’s all they need to do. That couldn’t be further from the truth! As hackers get more sophisticated in their tactics, it’s so important to change the cyber security plan accordingly. Not doing so could leave businesses vulnerable to security breaches, which could put sensitive company and customer data at risk. For many businesses, this could translate to lost revenue and depending on how bad the security breach was, it could even force the business to close. Here’s a look at what businesses should do in the New Year to make sure their cyber security strategies are up to date:

Develop a Good Password Strategy

Passwords are the first line of defense when it comes to cyber security. Many businesses don’t require their employees to change their passwords often enough and in doing so, make it much easier for hackers to crack. Another issue is that employees often generate the passwords themselves, and they often select passwords that are easy to guess. Company IT departments should set the requirements for how often the passwords are changed, as well as the rules for coming up with passwords that aren’t easy to crack. The best bet is to use passwords that are generated randomly and have no personal meaning to the user.

Consider Using Two-Step Verification

Now that hackers have gotten more sophisticated, it isn’t enough to require only a password to allow access. No matter how strong the password is, a diligent and experienced hacker could likely still crack it. To make the security measures more effective, consider using a two-step verification process that would require the user to provide an additional piece of information after the password was added. The two-step verification provides a much stronger first line of defense against security breaches than just a strong password alone.

Mitigate Security Risks With BYOD

Bring Your Own Device (BYOD) capabilities have revolutionized the workplace. By enabling employees with the ability to use their personal devices, such as their smartphones and tablets, it does help increase productivity. The downside is that it poses another security threat that needs to be addressed. When businesses of all sizes implement BYOD, many of them fail to enact cyber security policies to go along with it.

To make company data more secure, IT departments should examine the existing policies and make changes to these policies. First, they should ensure that the Internet that employees have access to be secure and reliable. Another way they can make BYOD safer ad more secure is to inform employees as to which device settings they should enable or disable and also control social media and application usage on their devices.

The New Year is a great time to make sure that existing cyber security policies are as effective as possible. By reviewing the existing plan and making any necessary changes, businesses of all sizes will look forward to a more secure New Year.

Posted in News

PCI-DSS Compliance and Protecting Sensitive Credit Card Data

All businesses that accept credit card payments are at risk for experiencing a data breach. Often, these incidents are reported in the news – but not always, which means that these cybercrimes happen more often that people think. Large businesses have the resources to recover from these data breaches when they occur, but the same isn’t true of smaller businesses. Often, a data breach of even a small number of credit cards can cause the business to lose too much revenue and eventually need to close.

However, no matter the size of the businesses, the ideal situation would be to prevent these cybercrimes from happening in the first place. By taking a few preventative measures, such as continually monitoring networks and to maintain PCI compliance, it is possible to prevent these data breaches in the first place. Here’s a closer look at what can be done:

Maintain PCI-DSS Standards When Creating Internal Policies

It is critical that all businesses maintain PCI-DSS, or Payment Card Industry Data Security Standard, when formulating internal policies for the process of taking payments and handling customer data. These standards are in place to protect both the customer and the businesses, and compliant with them is crucial for safeguarding this information. It is also important to educate all staff members not only concerning these policies, but also on how to properly handle sensitive customer information.

Establish a Plan for Monitoring Networks

Businesses need a solid plan for monitoring all company networks in order to decrease the chances that they’ll become the victim of a cybercrime. Most businesses need a Security Monitoring Appliance in there network to monitor, detect and report on suspicious activity and to assess if there is an existing vulnerability that needs to be addressed, or even if there is a data breach that is already occurring. The idea behind early detection of suspicious activity is to identify possible breaches before they ever start or when they are in the early stages. Here at Roan Solutions we can provide network monitoring and suspicious activity detection 24/7.

Keep All Company Systems Up to Date

One of the things that can make a business’s sensitive data vulnerable is out of date equipment and software. It is crucial for IT departments to keep systems patched and to also keep antivirus programs updated and constantly online. When software systems remain unpatched, this enables hackers to find ways to easily breach the system. Antivirus software offers another layer of protection but it needs to remain updated to be effective.

By following these steps, it is possible to prevent these potentially devastating cyber security breaches from occurring in the first place. This is especially important for small businesses that may not have the resources large businesses have access to. Please contact us for more information on how we help businesses protect their credit card data, keep their sensitive data safe, and help insure PCI compliance.

Posted in News

Managed IT Services Improve Business Efficiency


In many ways, IT departments form the backbone of today’s businesses. Most things that a business works towards required computers, Internet connections, servers, software programs, and other technological devices. Although these items may differ depending on the business, the basic idea is the same – without technology most businesses wouldn’t be able to thrive.

At the center of all this technology, IT departments have a crucial role. The departments’ jobs are to oversee the technology that a company uses. This includes issues of governance, designing and overseeing the IT infrastructure, and also implementing the various technologies for the greater good of the company.

In other words, IT both supports and manages the infrastructure and when its done right, it can make the company more efficient. However, not all IT is created equally. Here’s a look at why managed IT services are often better at increasing a business’s efficiency than internal IT departments:

Managed IT Services Can Handle Security Concerns

Often, internal IT departments are too close to a business’s IT infrastructure in order to effectively assess whether or not the security protocols are effective or not. In fact, internal IT departments aren’t always equipped with a staff that specializes in cyber security. The truth is, all businesses are vulnerable and not accurately identifying all the security risks a business could face is something that could decrease efficiency.

When a businesses experience a security breach or other security event, such as a natural disaster, this could not only result in a loss of valuable company data, but also cause the business to go offline, which could also cut into the company’s revenue. Rather than hire a security expert internally, businesses are much better off using a managed IT provider since they keep security experts on staff. Together, the managed IT provider and the business would come up with a security plan that will help keep the business safe and also make it more efficient.

Experience Leads to Efficiency

Using a managed IT services provider can also boost business efficiency because the business would have access to IT professionals who have a high level of expertise in the field. This means that no matter what type of IT service the company needs, there is likely a professional who can provide the necessary level of expertise. This not only saves the company time, but it also saves them money. When hiring IT professionals to service internal IT departments, it is often difficult to find candidates who can cover a wide range of skill sets. Managed IT services solve this problem by giving businesses access to everything they need at a fraction of the cost.

It’s true that managed IT services can improve efficiency. By giving businesses access to IT professionals who have a diverse breadth of skills, it can increase a company’s productivity. They also are particularly well versed in helping businesses keep their company’s valuable information assets secure, which can not only prevent valuable data from going into the wrong hands, but also prevent the company from going offline, which can decrease revenue.

Posted in News

How IT Departments Can Improve BYOD Safety

how-it-departments-can-improve-byod-safetyThese days, most workplaces have enacted a BYOD policy and many people do use their personal smartphones, tablets, and computers for work purposes. While BYOD makes employees’ lives easier, it can certainly cause headaches for IT departments. Since BYOD is here to stay, it’s up to the IT departments to make sure the associated security risks aren’t a factor. Here are some strategies that IT departments can use to help make BYOD as safe as possible:

Limit Personal Device Use

Although IT departments can’t really stop people from using personal devices at work, it is possible to limit which employees can actually access the business network. By restricting the amount of devices that are able to access the network, this can seriously reduce the risks. For instance, by making the business network only accessible to upper management, this allows IT the chance to approve the devices and also install security measures. That way, if a security issue does arise, it is much easier to identify a cause if there are fewer BYOD users.

Develop a Support Strategy

In many cases, it isn’t possible or practical to limit BYOD use to a select number of users. If BYOD is a widespread company policy, it makes sense to develop a sophisticated support strategy. Does the IT department have measures in place to help users problem solve issues on their devices? Will the business benefit from enacting community support tools, which will enable users to assist each other to take the burden off of the IT departments? In general, support strategies will vary depending on the nature of the business.

Encrypt Sensitive Data

Data is considered to be one of the biggest assets that a business has. Unfortunately, BYOD often causes this data to be vulnerable, which means that it is often easy for it to fall into the wrong hands. One of the ways that IT departments can protect sensitive data and keep it out of the hands of hackers is to encrypt it. Even though data encryption isn’t completely foolproof, it can still dissuade hackers from using the personal devices to breach the system.

Install Security Measures on Devices

There are plenty of security measures that can be installed on the devices, such as antivirus software and anti malware measures. Rather than leave this up to the device owner, however, it can help considerably if the IT departments made this measure mandatory. In fact, IT can take this a step further and actually recommend the security tools that will most effectively protect the devices. From there, it is up to the IT departments to make sure that the users are in compliance by installing the necessary security tools.

It’s true that BYOD can cause IT departments plenty of headaches. That’s why it’s important to make sure they’re up to the task. Be sure to contact Roan Solutions for assistance implementing a more secure BYOD policy.

Posted in News

How RTO and RPO Relate to Data Backup Solutions


When it comes to business continuity planning, it’s important to implement a system that not only backs up all important data, but to also have a recovery plan in place in case a disaster does occur. While it isn’t possible to predict when the disaster itself will occur, it is possible to be prepared in case one does happen. The goal of any data recovery plan is to recover as much of the data as possible. When forming the continuity plan, it is important to consider key metrics, such as the RTO, or recovery time objective, and the RPO, or recovery point objective. Here’s an overview of the RTO and RPO and what they mean in relation to data recovery:

What is RTO?

RTO, or Recovery Time Objective, is the target time needed to recover data after a disaster occurs before in order to avoid any consequences, such as permanent data loss. This metric is determined by calculating how quickly a business needs to recover the information. This metric is necessary in forming a data recovery plan because all of the details contained within the plan, such as the equipment needed as well as the overall budget, will depend on this metric. For instance, if the RTO is set at three hours, which essentially means that the business can survive being down for three hours, the budget needs to reflect an amount that will ensure that the system will be up and running within that period of time.

What is RPO?

RPO, which stands for Recovery Point Objective, refers to the maximum, targeted time-period in which the data might be lost completely. In other words, this metric has to do with your company’s overall tolerance to any data that could potentially be lost. It is calculated by analyzing the time that occurs between backups in relation to the potential data that could be lost if a disaster occurs between backups. So, if the RPO is set at five hours, this means that the business can only be without this data for five hours before the normal operation of the business suffers.

RTO, RPO, and Data Backup Solutions

Although the RTO and RPO may seem similar, they’re actually distinct. The main difference behind them lies in their purposes. RTO requires looking at the business from a big picture perspective by analyzing all the systems involved with its operations. In doing so, the RTO is set to facilitate business continuity. The RPO, on the other hand, specifically relates to the data itself and how quickly a company can recover after a potential data loss incident does occur.

When it comes to creating a business continuity and data recover plan, both the RTO and RPO need to be considered. Roan Solutions can help you determine these key metrics in order to develop a backup solutions program that is specifically tailored to your organization.

Posted in News

How to Insure Smooth Cloud Migration

how-to-insure-a-smooth-cloud-migrationIn recent years, there has been a lot of buzz surrounding cloud computing and how it can benefit businesses, such as the cost savings and flexibility of being able to work from anywhere. Even if businesses want to make the transition, the endless options attached to it can seem overwhelming. Decisions such as which cloud platform businesses should use, what aspects of a business’s infrastructure should migrate over to the cloud, and the exact process that will be used to control the migration are all things that need to be considered.

In other words, every detail needs to be planned and executed perfectly. Here are some ideas on how to insure a smooth migration over to the cloud:

Develop a Strategy

No business can transition to the cloud successfully without having a detailed transition strategy. Too often, businesses execute cloud migration long before they’re ready. At this stage, companies should list the data, apps, and workloads that will make the transition to the cloud. It is also a good idea at this stage to outline any potential challenges that may be faced during the transition in order to plan for them.

Another thing to consider as part of the planning phase is that the migration shouldn’t interrupt a company’s daily activities. At the very least, this interruption should be minimized as best as possible. The company’s IT department or managed IT service provider can help not only plan and execute the cloud migration, but also insure that the daily operations are minimally interrupt.

Execute the Strategy

Once the plan is developed, the next step is to execute it. The IT department of managed IT service provider will help insure that the process is as smooth as possible. Even while following a well-designed plan, kinks can still occur. Typically, non-essential items should be moved to the cloud first. Essential applications, such as email and data storage, should transition to the cloud during off-peak hours.

Once the transition is complete, the IT department should check to make sure that everything was moved correctly and that the same information can be easily accessed in the cloud as it was when the company used the on-premise exchange as an example. If the transition was done correctly, employees won’t even notice the difference. The key is to make sure that the data itself was moved 100% accurately from the on-premise exchange to the cloud. To do this, the company’s IT department or a managed IT provider needs to monitor the transition every step of the way.

Business of all sizes can take advantage of the many benefits that the cloud has to offer. However, in order to allow these benefits to be fully realized, the migration from an on-premise exchange to the cloud needs to be as smooth as possible. This takes advanced planning, knowledge, and a focused effort to make sure that all data components were migrated effectively.

Posted in News

Why Businesses Should Backup Their Data

Backup Computer Key

Data is one of the biggest assets that a business has, yet, many businesses treat their data as an afterthought. As long as the data is stored in a way that makes it easily retrievable, employees, including management, often don’t pause to consider the repercussions of not properly backing that information up. What would happen if all the data somehow got lost? Here are some very good reasons why businesses should consider creating and executing a solid data backup plan:

Data Loss Can Happen Accidentally

Even if businesses have a solid plan in place to prevent cybercrime, this doesn’t indicate that the data is adequately protected. The truth is, cybercrime only accounts for a small percentage of lost data. Other issues, including software failure and human error, are also risk factors. According to the Disaster Recovery Preparedness Annual Report, 50% of incidents result from software error and 43% of data loss incidents occur from human error. That is why having a data backup plan in place is so important. It is much easier for a business to rebound after a data loss incident occurs if the lost information can be recovered through the backups.

Lost Data Can Equal Lost Revenue

Depending on how severe the data loss is, losing important data can result in a loss of revenue. In a recent study released by EMC, they estimate that businesses lose 1.7 trillion dollars total due to data loss. The true issue with this statistic is that in a majority of cases, the situation could have been prevented. By having a dependable data backup solution, this can prevent the ensuing loss of revenue that results after the data is lost since it can easily be recovered. However, it is important to understand that data loss can still result in a hit to revenue since it could still take some time before all the information is recovered. Still, the damage will likely be much smaller than if no backup system were in place.

Data Loss Can Result in Lost Efficiency

These days, workplace efficiency is directly tied to profitability. What happens when people within a company experience lost data? Well, unless the data is recoverable, this means that all projects, correspondences, and information the individuals are responsible for will be lost. This indicates that employees will waste valuable time repeating their efforts, if possible. If it isn’t possible, the important information is simply lost. Each moment spent trying to deal with the repercussions of a data crash without a backup results in a serious loss of workplace efficiency. The best way to prevent this from happening is to insure that there is a data backup and recovery plan in place.

When businesses fail to plan and execute an effective data backup and recovery plan, they put the health of their companies at risk. The best strategy is to make sure that these businesses not only have a backup plan, but to make sure that the process of recovering the data is also efficient.

Posted in News

3 Ways Businesses Can Prevent Cybercrime

Virus Alert

Virus Alert

Although it’s the large companies that seem to make the headlines when a cyber security breach occurs, no business is immune to the threat. The truth is, small to medium-sized businesses are also vulnerable. Many companies tend to wait until a breach occurs to address the issue, but this isn’t ideal. The goal is to stop cybercrime before it starts. Waiting for a problem to surface could have disastrous consequences, such as information leaks and loss of revenue. Here are some things businesses can do to protect their sensitive information:

Ramp Up Email Security

When preventing hackers from accessing a company’s sensitive information, the goal is to create multiple security layers. This means that the hackers will need to fight through multiple layers to gain access, which decreases the likelihood that they’ll be successful. By encrypting emails and communications, it creates another layer that hackers will need to break through. This extra layer of protection could discourage hackers because they may feel it isn’t worth the hassle.

Develop Companywide Password Policies

Passwords leave a business’s sensitive information vulnerable because they are often easy to crack depending on how the password is defined. That’s why it’s important to create companywide policies regarding passwords. Issues such as how often they are changed to creating smarter passwords should be addressed in these policies. The workforce can be made to adhere to these rules and offers another layer of protection that could prevent some cybercrimes before they occur.

For instance, many employees often use the same password for multiple uses, and this is something that makes it too easy for a hacker to gain access. Requiring that employees never use the same password for multiple uses is an example of a rule that could be included. Businesses could also require a two-factor authentication that would not only require a unique password, but also an authorization code that could be sent to a mobile device as an example.

Install Protection Software and Keep it Updated

Businesses can further protect their assets by installing malware, antivirus, global DNS protection and firewall software programs. In fact, each machine in the company should have all four of these installed in order to prevent cyber attacks. It is critical that the IT department, CIO, or VCIO research the programs that will best service the needs of the company. From there, it is also crucial that the latest versions are always installed so that they can be as effective as possible.

Cybercriminals are dedicated to their craft, which means that their skills evolve quickly. That’s why businesses need to take an aggressive stance when preventing security breaches by using these strategies. However, it is important to understand that even after the security infrastructure is in place, a company’s work isn’t finished. It is important to ensure that everything in the company that is associated with cyber security, such as antivirus software, are all continually up to date.

Posted in News
Sign Up to the IT Newsletter from Roan Solutions:
* indicates required

Featuring Recent Posts WordPress Widget development by YD