You must comply with the PCI DSS controls and processes
Any merchant or service provider that stores, processes, transmits or simply handles customer credit card data must comply with the PCI DSS controls and processes. If you don’t, you risk costly fines, restrictions, or worse should a breach occur. VISA and MasterCard require ALL merchants who accept credit card payments to be certified compliant with the Payment Card Industry (PCI) Data Security Standard. Non-compliance can potentially result in fines or even being banned from processing credit-card transactions.
Audit your website security
Website security is possibly today's most overlooked aspect of securing the enterprise and should be a priority in any organization. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Web applications are accessible 24 hours a day, 7 days a week and control valuable data since they often have direct access to backend data such as customer databases.
The Internet is not the "safe" place it was 5 or 8 years ago, when it was much smaller. Driven by the lust for money and infamy, spammers and hackers have become the scourge of the Internet. They employ the skills of whoever they can find to help them practice their illegal trade.
If you don't inspect your site for possible malware infections, you are likely to get yourself into a lot of serious trouble - not only with your hosting company but also with the law. This is how it works.
Here are five of the most common ways a compromised website gets abused.
Hijack your mail server: Why would someone want to do this? The answer lies in the law - spamming is illegal in most countries and can get you prison time these days. If a spammer can use your website to send a couple of million (that is not a typo) spam emails, you will get into trouble with the law because it was your website that sent the spam.
Hijack your site or even the whole server: Ever seen all the messages on a family-friendly message board replaced with porn images? Or a whole website gone? That's the kind of thing we mean. Even more sinister is when the perpetrator uses stealth to intercept your email and monitor your outgoing mail - credit card numbers, passwords and other personal information can all be stolen in this fashion.
Hack other servers: Hackers normally break into several servers when they want to orchestrate a massive DDoS (Distributed Denial of Service) attack on another [big] server like Yahoo or Hotmail. They normally install what is called a rootkit, which gives the hacker a "back door" into the server whenever he wants it.
Attack other servers: They refer to this as a DoS (Denial of Service) attack. One or more servers gang up on another server and overload it with data so that it crashes. You may remember from the news that Yahoo and Hotmail were attacked in this way not so long ago. Obviously this is illegal and there is serious prison time if the hackers get caught. Why do they do it? Beats me! Probably because they can.
Attack other end-user PCs: Malicious code uploaded not by you but by a hacker (illegally and without your permission) onto your website can easily be used to attack the PCs of the people visiting your site. Other code uploaded to your site that sends out a virus email to thousands of people is yet another of the many ways your website can be used to attack the very people you are trying to encourage to visit it.