A personal invitation from Omega ATC to attend the Phillips 66 convention, May 21-24, 2013

Omega ATC will be exhibiting at the upcoming Phillips 66 convention, May 21-24 at the Aria in Las Vegas. We invite you to visit us at booth #201 to explore how we could address your data security issues. Data breaches can be avoided if you minimize the risks in the first place.
 
Shekar Swamy will also be presenting at two educational sessions during the Conference – ‘How to build your arsenal with the latest weapons to protect against the spreading security threat.’  This is a joint presentation with Phillips 66 and follows the guidelines created by the NACS/PCATS data security committee.

The urgent question several oil companies are facing today is, “how do we help our marketers achieve PCI compliance with minimal changes to their environment at an affordable price?” We recognize these challenges and have been successfully addressing the common PCI compliance gaps faced by marketers. You can get help from us too.
 
Here is a chance to meet with us one-on-one during the show days. Please call Nick Schaecher at 636-557-7777 x 2452 to set up a time to discuss your situation. During show days you may reach Nick on his cell at 309-883-1200.


Malware attacks are becoming more pervasive, sophisticated and dangerous

Defence mechanisms therefore have to keep pace to counter these malware attacks. According to a research study, the traditional ways of preventing these attacks, such as installing firewalls, intrusion prevention systems, anti-virus and security gateways, are just not enough.

Most attacks arrive as zip files attached to email. Malware attackers also tend to use .DLL files instead of .EXE files, which seems to prolong infections. Malware is able to evade the usual detection systems.

Enterprises need to become more sophisticated in their technologies and methods. Experts recommend finding a way to stop an attack even without knowing the target being attacked or the malware being used. The emphasis is on a multi-layered approach to stopping malware. Keeping up with constant updating and patching, as Omega recommends, is one of the preventive measures against malware.

Call us at 636-557-7777.  We can help you!


Omega ATC at the Tech EVENT 2013. Visit display #231 April 6th-8th.

Omega ATC will be exhibiting at the upcoming Tech EVENT May 6-8 in Dallas, Texas.  We invite you to visit us at display location #231 and set up appointments to meet with us at the business appointment center #9065.
 
Omega ATC is deeply involved with every aspect of data security and is considered an expert in this area. Omega’s solutions and services are used by c-stores and petroleum marketers around the country. It will be worth your time to explore how you could use Omega’s solutions to safeguard your customers’ data, why others trust Omega, and how they are benefitting from its use.
 
Here is a chance to meet with us one-on-one during the show days. Please call Mike Schulte at 636-557-7777 x 2402 to set up a time to discuss your situation. During show days Mike can also be reached at 636-236-9815.


Where do employees fall within an organization’s data security strategy?

Three tips to align your first line of defense — Your Employees — with your PCI compliance strategy

An alarming statistic states, “32% of companies of all sizes have experienced 25 or more social engineering attempts within the last two years, and the same very report found that 34% of businesses do not have any employee training or security policies in place.” This is applicable to all merchant levels and should not be taken lightly.

Here are some tips for employers that will keep their compliance approach more holistic; they are also cardinal points of the PCI Data Security Standards.

For additional information on data security needs for your company, talk to one of our systems engineers.  Call 636-557-7777 and we’ll be happy to put you on the right path to compliance.


Protecting Credit Card Data – Old Laws Matter!

Recently the St. Louis Metro Link settled a class action lawsuit for violating the Federal Fair and Accurate Credit Transaction Act (passed way back in 2003) because it printed rider receipts in 2010 and 2011 that still included the last four digits of the card number AND the card expiration date. The Federal Fair and Accurate Credit Transaction Act gave merchants until 2006 to comply with limits on the amount of card information printed on receipts. The St. Louis Metro Link’s violation of FFACTA will cost it over $100 per violation, paid out in cash and free ride vouchers to each affected passenger for each receipt presented. Even without receipts, a rider’s credit or debit card statement showing transactions with the Metro Link will earn the rider 3 free round trip tickets.

Two riders of the Metro Link simply noticed that their old receipts showed the last four digits and the expiration date, and their receipts instantly became “winning lotto tickets” plus $2,500 as class representatives. It appears that as the public becomes more knowledgeable about credit card law and breaches, they are starting to watch what you do today and, even more importantly, what you did in the past. If your company violated FFACTA, or if an entity that you are considering acquiring has violated FFACTA in the last 6 years, you may want to measure your possible exposure to those violations.

Merchants processing over 1 million credit card transactions annually need to be concerned about compliance.

Listen to this informative webinar that addresses the concerns of Merchant Levels 1 and 2. Learn through real examples what experts have to say about the importance of systems management, data security and compliance for these 2 levels. A Qualified Security Assessor also talks about the key aspects of an audit.

Visit omegasecure.com to find out more about the solution that is right for you. Call 636-557-7777.

Smaller merchants with over 1 million credit transactions annually are being scrutinized by card companies and acquiring banks

Merchants who process over 1 million Master Card or VISA transactions need to be concerned about data security and PCI Compliance. Card companies like AMEX, Master Card and VISA are increasing their emphasis on Level 2 merchants who fall into this category. We are seeing much greater attention paid to firms on the East Coast and West Coast to demonstrate compliance. It usually means that these merchants need to engage a QSA firm or have their own certified Internal Security Assessors to certify that they are compliant.

Some merchants we deal with thought they could just drop AMEX and carry on with other card companies. Really? Please keep in mind that there are five card companies that form the PCI council. The problem is that demonstrating compliance with 286 controls in PCI DSS really means that you have to be able to show evidentiary support. It cannot be done overnight, and to achieve true compliance you have to have the systems and personnel to carry out the process. Folks, get busy and become serious about this issue. If your business is dependent on credit card transactions, then you need to take this seriously. It all starts with a simple email from your acquiring bank.


A Web Application Firewall May Be In Your Future

Auditors have recently been cracking down on PCI DSS requirement 6.6, which requires you to either

1) Review public-facing web applications considered to be in scope via manual or automated application vulnerability security assessment tools or methods, at least annually and after ANY changes

2) Run a web application firewall in front of any public-facing web applications that are considered to be in scope.

This means that you must either run extensive tests and re-test every time you make a change to your web application, or place a web application firewall in front of it. In-scope web applications include any web applications that are either directly in the cardholder data environment (CDE) or are used to access machines in the CDE.

Manual web application vulnerability assessments are very likely far too labor-intensive to be used either by your own organization or by your vendors to assess web applications, especially considering their high rate of change. So, unless you go through the expense and process of setting up an automated application vulnerability security assessment tool, and become an expert in its use, you are left with the simplest approach of installing a web application firewall in front of your web applications.

A web application firewall (WAF), as defined by OWASP, the Open Web Application Security Project, “is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.  Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection.” Unlike a standard network firewall, it focuses specifically on web application traffic, not on all IP traffic. Once a WAF is put in place, it watches all HTTP and HTTPS traffic between browsers and the web server for attempts to attack your web applications and prevents the attack. So even if your own developers or one of your vendor’s developers left a vulnerability open in their web application, the WAF will prevent it from being exploited by a browser user or even by a hacker tool that looks like a browser to your web application.
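To make "a set of rules applied to an HTTP conversation" concrete, here is a small rule-based request filter, added as an illustration and not taken from Omega or any WAF product. The rule names, patterns and sample requests are constructed for this example; it decodes parameters more than once so that double-encoded input is inspected in the form the application would eventually see.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed rule set for illustration; production WAF rule sets are far larger.
RULES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("sqli-union-select", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
]

def normalize(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads cannot slip past the rules."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(method, path_and_query, body=""):
    """Return (action, findings); findings is a list of (rule_id, field_name)."""
    path, _, query = path_and_query.partition("?")
    fields = [("path", path)] + parse_qsl(query, keep_blank_values=True)
    if method in ("POST", "PUT", "PATCH"):
        # Form-encoded bodies only; other content types need their own parser.
        fields += parse_qsl(body, keep_blank_values=True)
    findings = []
    for name, raw in fields:
        value = normalize(raw)
        for rule_id, pattern in RULES:
            if pattern.search(value):
                findings.append((rule_id, name))
    return ("block" if findings else "allow"), findings

# Constructed sample requests: one benign, three that the rules should stop.
SAMPLES = [
    ("GET", "/search?q=shoes", ""),
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", ""),
    ("POST", "/login", "user=admin&pass=x%27+OR+%271%27%3D%271"),
    ("GET", "/item?id=1%2520UNION%2520SELECT%2520card_no%2520FROM%2520t", ""),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        action, findings = inspect_request(method, target, body)
        print(f"{action:5} {method} {target} {findings}")
```

Signature rules like these can miss unfamiliar encodings and can flag legitimate input, so each rule set needs tuning against the application it protects.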

Be sure to check that all your in-scope web applications, or service providers that host your in-scope web applications, are completely protected per PCI DSS requirement 6.6 before your QSA identifies a gap. Otherwise, if the QSA doesn’t detect a gap, instead of a QSA, you may find a PCI forensic inspector (PFI), or even the US Secret Service, knocking on your door one day. No merchant wants that.

5 ways to avoid a negative PCI audit experience

‘Compliance Auditing’ is a worrisome exercise and a valid fear for several reasons.

  1. Dollars involved
  2. Discovery of the many gaps that you may not even be aware existed
  3. Remediation process which by itself could be a journey
  4. Time away from normal work routines as it could require dedicated staff to provide answers to an auditor’s questions
  5. Interference with running your business

However, a QSA’s goal is to help keep your business running smoothly and to make sure your network environment is protected from a possible breach ever happening. They also need your help, as the retailer, for the audit to be successful.

If you are a retail merchant processing over 1 million Master Card or VISA transactions annually, read about what you are required to do to get a Report on Compliance.

And, how can you become proactive and avoid a bad audit experience?


How essential is secure data backup? And, what about recovery when you need that data?

It’s bad enough if you lose digital photos of your family on your personal computer, but what about business critical data such as accounting spreadsheets or entire databases of information?

When backing up business critical data, it’s important for the process to be secure and dependable, and for the data to be stored offsite. But here’s where you need to pay attention. Most consumer grade backup offerings don’t encrypt your data as it moves to and from the cloud. Additionally, the data backed up to the cloud is usually stored in a single offsite location. Is that good enough for large enterprises? It is NOT, as corporations have experienced.

If you truly want your data to be safe and secure you need a product that can deliver both these options. Omega Secure Backup+Recovery is the right choice.

Omega can provide you with a total enterprise level backup and recovery package. Not only is your data encrypted during the backup process, it is also transferred to the cloud through a secure encrypted connection. The data is then stored safely in two separate data centers over 3,000 miles apart. You can back up specific files or entire SQL databases and email servers.

If you would like more information about the Omega Secure Backup+Recovery service, call us at (636) 557-7777 ext 2402 or email pci@omegasecure.com.