Category "Cloud Solutions"

If you’re a business of any size that conducts online transactions involving credit or debit cards, the processing, storage, and transmission of their associated information must adhere to a set of security standards called the payment card industry data security standard (PCI). These standards apply regardless of where the data is handled. To make PCI compliance easier, many businesses opt to use a third party hosting environment such as PCI compliant cloud services. Using a quality host not only makes compliance easier, it greatly reduces the chance of a data breach from ever happening.

PCI compliance is not a one-time set-and-forget task. The required security measures must undergo continuing maintenance because the cyber threat environment is constantly evolving. This is yet another reason for using a quality host that makes ongoing security their primary mission.

A misconception of many entrepreneurs is that PCI compliance is limited to big businesses. They also believe their businesses are too small to attract the notice of hackers and other cyber criminals. It’s precisely this belief, which lulls them into a false sense of security and dissuades them from becoming compliant.

However, businesses of all sizes and even small non-business websites owned by individuals are routinely hacked. From the time a website is first established, hackers will find it within one or two months. The reason is their sheer numbers and the technology at their disposal. If you’re a business of any size, then you present a tempting target.

What Happens to Businesses That Aren’t PCI Compliant?

The consequences of a data breach involving customer credit and debit information include:

  • Lawsuits. It’s often said that society is becoming increasingly “sue happy.” This is most likely true given the huge number of law firm websites advertising their services. There’s a real chance that customers will seek litigation, especially if the compromised data resulted in identity theft.
  • Loss of business. A data breach involving customer credit and debit card data is regarded by the customer as a breach of trust. Because they trusted a business with their sensitive information, it’s being passed around, possibly in a data black market. This would surely discourage even the most loyal of customers. The resulting brand damage can have lasting business effects.
  • Fines. If a business that suffers a breach is found to be out of compliance, the fines can be hundreds of thousands of dollars. This, combined with the aforementioned business losses may force the owner to close their doors.

WHOA.com takes security seriously. We use multiple layers of security to protect our networks from all threats. To learn more about our PCI compliant cloud service, please contact us.

The cloud. It’s convenient, inexpensive, scalable, and easy to use. Because most businesses can’t achieve the economy of scale effect common to large cloud providers, it’s cheaper to use these services than duplicating their facilities in-house. But there is a big downside to the cloud: It has security risks.

A large cloud service may contain the data of hundreds of businesses. This presents a tempting target for cyber criminals who appreciate the monetary worth of this information or who simply desire to inflict widespread damage. They can gain entry by exploiting whatever security weaknesses they find. Here are three of them:

Compromised Login Credentials

Criminals have many ways of gaining access to login credentials. They might use password cracking software that persistently tries different password guesses until they achieve a successful login. This is highly effective against weak passwords. People may be tricked into using their credentials on fake login pages, or the credentials might be stored on a mobile device that’s subsequently lost or stolen. Credentials can be obtained using visual hacking, in which a person stands behind someone logging into an account and records the keystrokes with a phone video recorder.

Data Leakage

Not all cloud service providers are created equal. Some may have employees who are negligent or just prone to making mistakes. Even though you would never hire such a person to handle your data, the security and safety of your critical business data are nevertheless in this person’s hands. An accidental transfer of your data to an unsecured server exposed to the Internet is quite possible.

Poor Data Isolation

Cloud physical resources such as CPU, networking, and databases may be shared between multiple users (tenants). The activities and data of any one tenant should not be visible or accessible to the others. In addition, if one tenant is infected (by ransomware, for example), the problem shouldn’t spread to the other tenants. However, these problems can happen when poor data isolation is in place. If a tenant’s poor login credential management allows a hacker to gain access to his data, your data may be compromised next in such an environment.

The above are by no means a complete listing of cloud security weaknesses. The main takeaway from this is the importance of carefully vetting cloud service providers from a security standpoint before using them. Secure cloud storage is an absolute necessity today because your business and reputation depend on it. WHOA.com takes security seriously. We use multiple layers of security to protect our networks from all threats. To learn more about this, please contact us.

Hackers generally don’t infiltrate business databases purely for the thrill or intellectual challenge. They’re in it for the money. However, the person with the skills and tools to hack into databases doesn’t necessarily know how or have the inclination to exploit the information for maximum profit. The value of much of the information they steal isn’t always obvious to them. If it is, they may lack the expertise to pull off the necessary scam. This is where the information black market comes into play.

The information or data black market brings together the data thieves and the criminals who know how to use the data. It consists of online websites or forums, not unlike eBay, in which the sellers have feedback scores based on the buyers’ experiences with them. Some of these places are readily found if you know where to look, while others are in the dark web of the Internet. If your business data is breached, there’s a good chance your data and that of your customers will end up in one of these places.

If your compromised customer data didn’t include their credit card information, it can still be exploited in ways that ultimately cause harm. Names, addresses, and similar information can be used to fabricate fake ID cards for various nefarious purposes.

For example, a person’s health insurance medical policy number, name, and birth date might be enough information to fabricate a fake ID card that allows a criminal to get free drugs or medical equipment, which they can sell elsewhere. No matter what the information is, there will be buyers at these black markets who will know how to profitably use it.

The point of the above is there’s a strong economic incentive for cyber criminals to steal your business data. The profit incentive also drives innovation in the techniques and software that hackers use to get to your data. This is why you can never let down your guard. If you don’t have the time to become a cyber security expert and lack the resources to prevent a data breach, consider using WHOA.com’s managed security services. Contact us to learn more.

WHOA.com Offers a Fully Managed, Secure Cloud Infrastructure with enterprise grade security, intrusion detection & prevention services. We offer HIPAA compliant, ISO 27001: 2013 certified cloud hosting solutions for our clients.

Software as a service (SaaS) is an attractive business model. The bulk of its revenue comes from recurring membership fees, and its many benefits to customers are compelling sales points. However, the business is not without its challenges. It demands excellent coding abilities and a good grasp of user interface design. Ensuring there’s sufficient demand, and scaling the business with skillful marketing are other challenges that can make or break an SaaS business. However, poor cyber security can quickly undo your efforts at making your business successful.

A Few Common Software as a Service Vulnerabilities

A well-known benefit of SaaS is that customers can use it wherever they have Internet access. However, this also makes it an easy target for cyber criminals, who may attempt various exploits such as cross-site scripting or SQL injection. Cross-site scripting involves injecting a script that manipulates your SaaS website functionality. An SQL injection manipulates your database when a hacker enters SQL code into a form on your website.

Sometimes your own customers inadvertently contribute to security problems because of poor password management. Common customer lapses include weak passwords, use of the same password for multiple accounts, or leaving their passwords in plain view in their work area.

How a Security Breach Can Damage Your Business

  • A security breach that interferes with the service itself disrupts operations and prevents customer use of the service. A lengthy disruption will cause service cancellations by dissatisfied customers and lead to revenue loss.
  • If the breach causes loss or theft of sensitive customer data, customers will almost certainly cancel their subscriptions. Data breaches of this kind are highly damaging. Recovering your ex-customers will be very difficult, and some may pursue litigation against your company.
  • News of a data breach can be both viral and reputation damaging. Because the Internet never forgets, a bad reputation adversely affects future customer acquisition.

Although some of the above mentioned security difficulties are readily managed such as the strength of your clients’ passwords, others are less so if your company doesn’t have its own cyber security staff. However, you might consider outsourcing your security needs. Contact us to learn how WHOA.com’s managed security services can protect your SaaS business from cyber threats.

 

© 2012-2017 WHOA.com All rights reserved.