PCI Compliance is Just One Part of Protecting Customer Data

Any company that accepts credit card payments is held to the standards of the Payment Card Industry Data Security Standard. If your company intends to accept card payment and store, process, and transmit cardholder data, you need to host your data securely with a PCI compliant hosting provider. There are a variety of ways this can be accomplished, so we will go through a few of them to give you a better idea of what needs to be done when protecting customer data.

By creating a secure network, you ensure customer data is safe and well hidden from prying eyes. Setting up a firewall configuration to protect cardholder data is the first step. Your hosting provider should have firewalls in place to create a secure, private network. Work with them to gain insight on the matter and create a firewall configuration policy. Also, although it may sound obvious, create your own unique passwords for the system. Going with the default password can be dangerous, as defaults are easy to guess and were created simply as placeholders. Create your own password to make it that much harder for outside forces to get in.

Protect your stored data. This applies to companies that store their cardholder data. Encrypt the transmission of cardholder data across open, public networks. It may sound obvious, but this is important to prevent identity theft. Encrypted data is unreadable and unusable to an intruder without the proper cryptographic keys. Encryption turns plaintext into ciphertext, which is unreadable to anyone without the key and the correct decryption algorithm.

Make sure that there are no weak spots to your system. Use and maintain anti-virus software to protect against the most recent malware. Malware and viruses are constantly being updated, so keeping ahead of the curve is the best way to keep all of your information protected. If your data is being hosted on outsourced servers, a managed server provider is responsible for maintaining a safe environment, which includes generating audit logs. Keep all of your systems secure and well maintained. Using an alert system, you should be able to keep up with newly discovered security vulnerabilities and fix them before they become a problem. The PCI compliant host provider should be monitoring and updating the system to accommodate any security vulnerabilities, and if not, they should be informed of any changes made so that the proper updates can be implemented.

There should also be strong access measures in place. Limit the number of people that have access to the cardholder data to lessen the chances of a security breach. User accounts with access should follow best practices to safekeep the data, which means password encryption, authorization, authentication, password updates every month or so, log-in time limits, and so on. Follow all of these and use common sense to make sure your customers are safe in your hands. Be the best they expect you to be.

Maintaining CJIS Compliance In Illinois - 5 Quick Steps For Local Governments

The Criminal Justice Information Services (CJIS) division is essential to fighting crime and encompasses fingerprint data, criminal background checks, and other vital pieces of information for national security organizations. Compliance can be a challenge for businesses because it requires a bit of training, high-end software, and carefully controlled access points. Here are a few steps you can take for maintaining CJIS compliance.

Implement Encryption

The cost of CJIS compliance is dependent on the size and scale of an organization or business. As such, every business needs to use encryption for a variety of purposes, such as protecting user access points, storing digital information, establishing access control mechanisms to restrict users, and transporting digital information. Small businesses need only work with the local police force to set up an on-site storage server and set up a few access points (APs) for officers to access data. Larger companies will need to work with the metropolitan police department or state police force since they will be storing much more information.

CJIS Systems Officer

There should always be a CJIS Systems Officer on staff to ensure everything is within standard compliance. They need to be trained on standards for personnel who have access to CJI in the agency, policies for hardware and software that transfers and stores CJI, and standards for outsourced companies that have access to CJI.

Making CJI Data Available

Law enforcement has to balance security with ease of access, which can be difficult depending on the amount of information. Creating an AP at a secure location allows easy monitoring, but may make it tough for law enforcement to gain access quickly enough. Your business needs to weigh the pros and cons of AP placement and ensure there is a solid incident response plan in place should the worst happen.

Technology Fracturing

CJIS has specific security requirements but it is left up to the business to choose which systems they use. Ensure your information isn’t spread across a variety of different systems so that when disaster strikes, law enforcement is able to quickly and cleanly access the information they need.

CJIS Cloud

The National Data Exchange is a massive warehouse of data that law enforcement uses to track criminal records. Your own information from your business can be added to this storage space for ease of access, but make sure you check with the local police force to make sure this is advisable based on your line of work and information. This isn’t the only way to store information and there could be a cheaper solution based on what type of work you do.

Illinois Personal Information Protection Act - Compliance For Your Business

On May 6, 2016, Illinois expanded its definition of protected personal information, joining a number of states in a similar movement. A change this significant affects everyone currently managing a business or those trying to start one up. Compliance is as simple as setting everything up, but this article will explain everything that the Illinois Personal Information Protection Act changed so that you are better prepared to work with it.

Originally, the only personal information required was a first name or initial and last name in combination with a Social Security number, driver’s license number or state identification card number, or an account number or credit/debit card number or an account number with access code or password that would permit access to an individual’s financial account.

The new definition includes an individual’s first name or initial and last name in combination with medical information, health insurance information, or unique biometric data such as fingerprints or retina image. It also includes personal information like a user name or email address with a password. It also clarifies that if personal information is encrypted or redacted but the decryption keys or readable data elements have been acquired, then notification may be required.

Furthermore, under the new law, if notice is required and the breach of security involves an individual’s user name or email address, the notice should ask the user to “promptly change his or her password and security question or answer, as applicable, or to take other steps appropriate to protect all online accounts for which the resident uses the same user name or email address and password or security question and answer.”

For companies that haven’t already done so, the law requires companies that deal with records that contain personal information about Illinois residents to “implement and maintain reasonable security measures to protect those records from unauthorized access, acquisition, destruction, use, modification, or disclosure.” The same applies to any person receiving said information.

Finally, the new law deems entities to comply with PIPA if those entities are “subject to and in compliance with” the Gramm-Leach-Bliley Act Safeguards Rule. Additionally, entities subject to and in compliance with the Privacy and Security Rules for the protection of electronic personal health information under the federal Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act (HITECH) are deemed to comply with PIPA. But if an entity is required by HITECH to notify the U.S. Department of Health and Human Services (HHS) of a breach, the entity must also provide notification to the Illinois Attorney General within five business days of notifying HHS.

It’s quite a lot to take in, but following everything that has been laid out keeps you within the safety net of the law while also making sure your customers feel safe using your business. It may be a lot of paperwork, but their safety is your primary concern, so the end result is worth the effort.

1 Easy Way To Make Your Medical Practice HIPAA Compliant

HIPAA sets the standard for protection of sensitive patient data. The Health Insurance Portability and Accountability Act ensures that any company that deals with protected health information has all potential security measures in place and followed to the letter. This covers everyone from those who provide treatment, payment, and operations in healthcare, called covered entities, to anyone who has access to patient information and provides support in these fields, called business associates. There is one simple, surefire way to ensure your business is HIPAA compliant: utilize TimbukTech.

HIPAA requires quite a lot to ensure that your datacenter is compliant. There must be physical safeguards in place to limit facility access and control. All HIPAA-compliant companies must have policies about use of and access to workstations and electronic media. This includes transferring, removing, disposing of, and re-using electronic media and electronic protected health information. They need technical safeguards that restrict access to the protected data to authorized users only. This means unique user IDs, emergency access procedures, automatic log-offs, and encryption and decryption.

There need to be technical policies in place that cover integrity controls, meaning measures put in place to ensure nothing has been tampered with or altered. There should also be network safeguards in place to make sure there is no unauthorized public access to your information. Private networks are the best method to ensure nobody sees information they shouldn’t.

Sounds like a lot, doesn’t it? If your business is just starting out, this can all be a bit overwhelming. You need to manage quite a few legal steps to make sure everything is running smoothly while also handling all this data. Even current practices may have trouble juggling all of this at the same time. It takes a lot of time and money to manage all of this alone. That’s where TimbukTech comes in. TimbukTech is the simple solution to all your HIPAA problems. They are certified to handle all of this information in a safe and timely manner. Private servers to store the information, around-the-clock security to ensure everything is where it should be, and specialists standing by should something go wrong. There are few places safer than with them. Plus, this is a far cheaper solution than doing everything yourself. You would need to hire specialists, create and manage your own storage network, and keep track of all the files at the same time, while also trying to keep your business running smoothly. Why not just leave it in the hands of the professionals? They know what they’re doing and have the credentials and experience to back it up. Save yourself the pain and money and leave everything in their hands; you won’t regret it.

A Low Cost Way To Get Technology Support In Your Medical Office

Managing a business is difficult, and doing so on a budget is even tougher. It can be a bit stressful as clients roll in and you realize that, as much money as you make, it’s slowly rolling into the red month after month. You need a way, maybe two or three, to keep up productivity while saving money at the same time. For those of you still interested in the pitch, the magic word here is outsourcing.

For those of you new to the trade or that need a refresher course, outsourcing is a cost-effective method to help run your business by utilizing the skills of another company to manage a certain facet of your business, for instance, your technology support. You don’t have all the time in the day to worry about things running smoothly in the office and paying workers to do that could potentially be overkill eventually. If you are just starting up a business, you don’t have that kind of money. That is where outsourcing technology support comes into play.

The main reason to use this method is lowering costs. On average, a company can save considerable operational costs with an outsourced individual or team. It is the same work done, at a fraction of the price, while also allowing you to skip health insurance and vacation costs in the process. It is quality work at a much lower price. You also don’t have to worry about the expertise side of things. When hiring for a position, it’s sometimes tough to find people with the skillset and ability you need for the job. Outsourcing is a way to guarantee high-quality work with much less hassle. Outsourcing also gives you more room to breathe day to day. By handing off redundant or repetitive tasks to the outsourcing company, you open up much more time to spend on ventures that further your own business.

Outsourcing is a great way to put your mind at ease about a task as well. The risk associated with it is rolled onto the outsourced company, freeing you up to focus on other matters. Customer service is also rolled over to their side, which may seem like a risk, but you wouldn’t have picked this company if you didn’t trust them, right? Anything that goes wrong, they are liable for it and will take care of it, meaning that complaints are directed to them, as is all the work associated with them.

Outsourcing doesn’t sound all that bad now, does it? It is basically hiring a group of workers at a fraction of the price to do a portion of the job you may normally have difficulty hiring for within the budget. Everyone likes saving money, so put your trust in a partner company and focus on making your business into the best it can be.

What? You’re Not Using Office 365? If You’re In The Weeds, We Can Help

Chances are that your competition is already using the Microsoft Office 365 suite of tools to maximize their productivity and grow their business, so why aren’t you? This is a powerhouse of a platform that will change your business culture and deliver immediate results, and now it’s more affordable than ever.

Office 365 is more than just another software product filled with empty promises – it’s an integrated experience of applications and services with a familiar face. Microsoft has been providing solutions for some of the biggest companies in the world for decades. Now, with O365, they’ve raised the standard for business growth. Imagine bringing together all of your people, processes and technology and being able to manage all of that productivity seamlessly, all through cloud computing. Office 365 makes that a reality. And if you’re not onboard with it yet, we can help you get there.

O365 encompasses Microsoft Word, Excel, PowerPoint, Outlook, OneNote and OneDrive – available on ALL of your devices, no matter the operating system. That’s right – O365 is OS-agnostic and works on Windows-based PCs, Android devices, Mac OS and iOS. It also offers the options of these services: Exchange, SharePoint, Skype for Business and Microsoft Teams. And, all updates and service packs are included in your monthly subscription. Daunting, isn’t it?

That’s where Zen Techworks comes in. You need a solid managed IT services provider to ease the transition over to O365. We will migrate, integrate and manage your Microsoft Office 365 subscription into your server and network without a hitch. Worried about your data’s safety when it comes to cloud computing? Don’t be. Microsoft Office 365 offers choices like Hybrid Cloud Computing, and incorporates exclusive, proprietary security features to protect your sensitive data. They have also added in a Compliance Manager to help you meet the standards necessary to keep you in business. Plus, we’re watching your data 24/7, and often solve a problem before you even realize you had one.

Benefits of having a Managed IT Services Provider:

  • Take Your Productivity to Heights Unknown

Whether you have a thin IT department – or none at all – an MSP lets you give your staff the tools to produce their very best work, which not only raises morale but also positively affects your bottom line. The 2018 “Forrester Consulting Report on the ROI of O365” concluded that the group of applications and services that make up O365 cut support time by 50%, saved mobile/field employees at least one hour per day and afforded analysts, managers and sales people the opportunity to make better and faster decisions because they had information in real-time. More productivity means better revenue and happy clients.

  • Worry-free IT Performance

We can integrate O365 seamlessly with your existing system and network. With 24/7 support available, you don’t just add O365 to your productivity tool box, O365 becomes your tool box. To get every last drop out of all the services that make up Microsoft Office 365, you need a great partner to manage it. Bringing in an MSP as your IT partner is the smartest move you can make if you want to use O365 to grow your business.

  • Cost Reduction

Office 365 is more affordable than ever (subscriptions start at $12.50 per user per month) with all monthly updates and service packs included, and also 1 TB of cloud computing storage per user. Small to medium businesses will love the reliability and security, but even the largest of firms will benefit from this powerful suite of tools. Forrester also concluded in their report on O365 that the delivered 3-month ROI was a whopping 378% (source: 2018 Forrester Research “The Economic Impact of Microsoft Office 365”). We at Zen Techworks believe in transparency, so you’ll always know exactly what your cost is, with no surprises.

  • Increased Data Security

Microsoft Office 365 has exclusive, proprietary security features to protect your sensitive data, especially in the cloud. They have also added in a Compliance Manager to help you meet the standards necessary to keep you in business. Plus, you have us, the eye in the sky, keeping careful watch over your precious data. No matter your industry, we help you maintain compliance and all those licenses, so you can get back to what you do best, and stay worry-free.

  • Real-time Collaboration with Ease

Cloud computing is no longer just a pie-in-the-sky fantasy – it’s here and it has become standard business practice. But choosing which cloud option fits your future goals can be tricky. We can help you sort that out with expert consultation. Dream it, design it, create it – then edit and share it in an instant with anyone on any device to any device in real-time. With features like multi-party HD video conferencing, content sharing, team chat and shared calendars, your people can collaborate with the person in the next room, next regional office or across the world seamlessly. Think of all the time and resources wasted in the past trying to get everyone on the same page for a project, using the same processes and technology. With O365 implemented, those days are long gone.

We mentioned before that all of the tools, processes and services encompassed within Microsoft Office 365 can be overwhelming if you don’t know where to start. And if you’re not properly managing it – or it’s beyond the scope of your IT department – you’re not getting the full benefits or tapping its complete potential. It then just becomes a wasted investment. You need a solid managed IT services provider, like us.

We’re here to help. We can offer you seamless integration with your existing servers and network, 24/7/365 assistance, transparent fixed monthly billing and show you and your staff how to get the maximum potential out of O365’s platform. You concentrate on running your business, we’ll handle your Office 365.

What are you waiting for? Give us a call today, and let’s discuss how O365 can grow your business!

Five Myths About the Cloud – Debunked!

It’s human nature to be wary of something new, something different – something that seems too good to be true. Especially when it comes to your precious business dollars. After all, that business is your baby and you wouldn’t throw that baby on any old bandwagon.

The cloud is only a fad, right? Not even close. Cloud services are here to stay and are constantly evolving. Cloud computing – in the 10 short years since its inception – has gone from a clever idea and morphed into a business-critical core technology. A Forbes study launched at the end of 2017 projected that cloud computing would be a $162 billion industry by 2020. And at its current compound annual growth rate of 19%, Forbes is right on the money. They also reported that 74% of IT CFOs attribute their most measurable growth impact to cloud services.

So what is the cloud exactly? At its intrinsic level, the cloud is a collection of computers, servers, and databases that are connected together in a way that users can lease access to share their combined power. Cloud computing is scalable so that buyers can choose to increase or decrease the amount of computing power they need. It’s a set of very complex infrastructure technologies that keeps your data safe and secure.

Of course, not everyone buys into something just because the rest of the crowd has. The cloud and its services still have some mystery surrounding them. We’re going to put to bed some of those myths and show you how to get the most out of moving to the cloud, angst-free.

Myth #1:  Data isn’t secure in the cloud.

The Truth:  The cloud’s security architecture is multi-layered, and there are multiple safeguards against cyber attacks. Deterrent and preventative controls harden your network against threats and require strong end user authentication. Detective controls monitor the system 24/7/365 and respond appropriately if a threat is suspected. Corrective controls manage the damage should a data breach occur. All of these things work in unison to protect your sensitive information and intellectual property, especially where federal compliance regulations are an issue.

Myth #2:  The cloud is just a passing trend.

The Truth:  According to research and analyst juggernaut Forrester, over 50% of enterprises across every industry worldwide will be using a public cloud platform by the end of 2018. Cloud computing’s impact is global, and has permeated companies of all sizes across all industries and geographies.

Myth #3:  Migrating to the cloud is expensive.

The Truth:  Given the breakneck speed of cloud growth and accessibility, it’s become easier, faster and less expensive for software developers to roll out applications in the cloud as compared to traditional onsite platform development. That cost savings gets passed on to users. You don’t have to buy hardware until you need it, and you don’t have to plan for peak usage, since most traditional servers are only used at 15% of their capacity.

Myth #4:  We don’t need the cloud. Our servers and network are just fine.

The Truth:  Until you outgrow them, and then they become legacy hardware. If you want to future-proof your business and ensure any kind of longevity in this economy, then you need to take advantage of cloud computing. The cloud gives you a flexible computing environment that greatly ramps up your productivity, streamlines efficiency and promotes real-time collaboration no matter where your staff is.

Myth #5:  Migration takes too long – we can’t afford the downtime.

The Truth:  To get the most out of your cloud services, you need to partner up with a managed IT services provider (MSP). With an MSP there is very little to no downtime for data migration. Not sure which cloud computing services are right for your company’s needs? An MSP team of experts will evaluate your servers and network and consult with you to come up with the perfect plan for cloud migration minus the worry. Seamless implementation without the hassle.

That’s where we come in. Give us a call and we’ll help you take that leap into the future. Come join us in the cloud – life is better up here.

5 Catastrophes that Made IT Disaster Recovery Critical in 2017

“Disasters don’t happen here.”

That kind of thinking can be tempting when you’re deciding what IT recovery plan to include in your budget. But the truth is that major disasters can happen anywhere, at any time. In 2017, there were 16 natural disasters that caused at least $1 billion each in damages – and that doesn’t account for other crises such as hacks and power outages. To ensure that your business survives the unexpected, learn a lesson from these 2017 disasters:

  1. Hurricanes Irma, Harvey and Maria

Extreme flooding from these wildly powerful storms caused an estimated $265 billion in damages. More than two million businesses were potentially impacted by Irma, while Harvey and Maria hit a respective 565,000 and 18,000 businesses. Many business owners found their computers and servers underwater, along with other equipment and backups stored on-site. Downed power lines and damaged phones made communication difficult, but technology that stayed up – including social media, navigation systems and walkie-talkie apps – played a vital role in helping people survive the storms and recover afterward.

  2. California Wildfires

The Thomas fire in December was the largest wildfire California has ever seen, burning more than 280,000 acres and forcing thousands of residents to evacuate. About 60 percent of retail and food service businesses closed, while dozens of businesses were damaged or destroyed. Even after the fire was contained, smoke prevented many employees from working on-site. All in all, the total cost of damage was estimated at $65 billion.

  3. WannaCry Ransomware Attack

In May, hackers launched a vicious attack that took control of more than 200,000 computers in 150 countries, targeting a weakness in outdated software. The thieves demanded a ransom to unlock files for hospitals, airlines, colleges, police departments and more – and many of those who paid still did not receive their data back. But there is good news: 96 percent of companies with a reliable disaster backup plan fully recover from a ransomware attack.

  4. Equifax Breach

One of the three largest credit agencies in the US suffered a massive breach from May to July, affecting more than 145 million consumers whose Social Security, credit card and driver’s license numbers were compromised. The lack of proactive monitoring and prompt reporting – Equifax did not publicly announce the breach until September – left victims vulnerable to identity theft and scrambling to protect themselves too late.

  5. Human Error

Roughly 90 percent of cyber security issues stem from human error or behavior. In 2017, US-based companies reported 1,453 data breaches, many of which resulted from employee negligence or incomplete training. Then there’s the threat of system shutdown, as evidenced in February when hundreds of sites experienced interruptions or went offline after an employee for Amazon Web Services made a mistake while debugging a web hosting server.

Do you know what to do if a disaster affects your business? By the time tragedy strikes, it’s too late – so don’t wait. We will design and implement a customized disaster recovery plan to ensure you don’t miss a beat, regardless of what life throws your way. Contact us today to get started.