Quick Intelligence Blog

PCI compliance, or Payment Card Industry compliance, is a set of standards created to ensure that when business take credit card payments online, they do it in a secure manner, minimizing the risk of credit card theft. The PCI Council creates the rules (there are ~150 of them) which dictate everything from firewall configuration to security protection on devices used to store, process, or transmit credit card data.

Whether you run a small business or a large business, you know that a ransomware attack can be devastating. Did you know that these 3 common misconceptions could give you a false sense of cyber security? Listed below are 3 of these misconceptions and what you can do to address them, and in turn, be more cyber secure.

The National Institute of Standards and Technology (NIST) was “founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories.” In 2013, then-president Obama tasked NIST to create a set of common-sense protection actions that SMBs could take to better protect themselves from Internet-based exposures.

Canada’s data privacy law, the Personal Information Protection and Electronic Documents Act, or PIPEDA, governs how private Canadian companies are responsible for the collection, use and disclosure of personally identifiable information (PII) during the course of their regular business activities. PIPEDA fist came into law in 2000 and must be reviewed by parliament every 5 years. The last update to PIPEDA came into law on November 1, 2018, and for the first time, it included regulations for disclosing a cyber security breach.

You may have heard about password managers as a way to build and store strong passwords. They are easy to use, as you only need to remember one password to access the database of all your passwords. These days, with multiple accounts used for email, social media, online shopping, and banking, you want to keep all your passwords safe and secure.

A recent study by the Ponemon Institute and DTEX Systems suggests that when it comes to detecting insider threats, 53% of the businesses they surveyed are unable to prevent insider attacks. Considering that the Verizon 2021 Data Breach Investigations Report suggests that 22% of all cyber attacks are caused by insiders, this is concerning.

When it comes to passwords, you know that it needs to be difficult to guess, but simple enough to remember without writing it down. And of course, you should never reuse the same password.

Multifactor authentication uses a combination of two or more methods to authenticate who you are. These methods include something you know, something you have and something you are. To break it down further, the something you know could be a password or security questions, the something you have could be a token or code sent via SMS, and the something you are usually involves biometrics (fingerprint or facial recognition).

You’ve seen some of the headlines regarding big cyber security breaches. Colonial Pipeline paid a huge ransom to get their data back and get the gas flowing again. JBS Meat also suffered an attack that shut down production for days.

The General Data Protection Regulation, or GDPR, is a law created by the European Union to protect its citizens’ privacy and information. It includes the concept of the “right to be forgotten”, meaning if an EU citizen doesn’t want you to have their information, they have the right to request that it be deleted entirely and expect proof when completed. If you do business in the EU or have EU citizens as customers, GDPR applies to you, take it seriously as significant fines for non-compliance can apply! Fines can be as high as 20,000,000 EUR, or up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.