Home > Network & Security Outsourcing > How to avoid a Data Breach
How to avoid a Data Breach

How to avoid a Data Breach

There’s nothing more frightening for a company than to get the news from their IT department that a security breach has been identified, and that the extent of the breach is unknown.
Recently, well-known companies such ebay, JP Morgan, Target and Home Depot have been in the headlines that have cost their companies millions of dollars to remediate the breach, not to mention the associated penalties and damaged reputation of the business with all the negative media coverage. In 2014, approximately 375 million instances were reported in which customer information was stolen, most which were due to breached credit card transactions. There are more than 23 billion credit card transactions per year in the U.S. alone, and it only takes one savvy hacker to create and execute a code to bring a company that relies on credit card transactions to come to a complete halt. So the main question is, what can you do for your business to prevent a hacker from putting your company in the headlines for not having the proper security measures in place to protect your customer’s personal information? You first need to get familiar with the term “PCI DSS” and PCI DSS standards. PCI stands for Payment Card Data Security Standards. So what is it? It’s simply a standard that a business must adhere to if major credit cards such as VISA, MasterCard, AMEX and Discover are used to process transactions. Companies that do not pursue PCI DSS compliance pay a high price when an incident occurs and it only takes a single event to expose the vulnerability.

Earthlink knows how important it is to educate our customers about compliance and to provide solutions to ensure that their business does not become the next victim. In September of 2014, Earthlink launched its PCI Compliance Solutions, including PCI Protect, PCI Assist and PCI Certify which are designed to help businesses achieve and maintain PCI DSS compliance while providing financial breach protection. EarthLink is the only network service provider to offer financial data breach protection. It is critical to choose the right service provider to address compliance, and Earthlink has the expertise and experience to meet your needs. Using a state-of-the-art portal, myLink, customers can easily click through and utilize tools to accomplish their goals easily and quickly.

Earthlink PCI Protect provides merchants a suite of tools to verify and support PCI compliance including:

• Security policy (PCI DSS Requirement 12.1)
• Web-based training (PCI DSS Requirement 12.6)
• Quarterly external ASV scans (PCI DSS Requirement 11.2.2)
• Online self-assessment questionnaire (SAQ)
• Access to online knowledge base

Earthlink PCI Assist, an additional service that helps customers incorporate PCI compliance practices into their business, further includes:

• A one-time overview of the PCI Protect portal features and functionality.
• Periodic reminders of various aspects of PCI compliance, to assist in keeping the portal record up-to-date or achieving milestones in compliance activity.
• Monthly upload of employee information into the PCI Protect portal.
• Monthly determination of employee e-learning requirements.
• Monthly assignment of e-learning for required employees.
• A custom PCI approved policy created using the PCI Portal policy templates and loaded into the portal.
• Annual determination of the customer’s required SAQ filing type.
• Annual determination of the customer’s ASV IP address type.
• Quarterly schedule and launch of quarterly ASV external vulnerability scans.
• Quarterly provision of ASV external vulnerability scan remediation assistance.
• Quarterly review and explanation of PCI Protect portal reports.
• Annual assistance with Attestation of Compliance (AOC) completion; the AOC must be printed and signed by the customer.

And finally with PCI Certify, businesses can leverage a range of customized, tailored professional services, including:

• Annual determination of the customer’s ASV IP address type.
• Quarterly schedule and launch of quarterly ASV external vulnerability scans.
• Quarterly provision of ASV external vulnerability scan remediation assistance.
• Quarterly review and explanation of PCI Protect portal reports.
• Annual assistance with Attestation of Compliance (AOC) completion; the AOC must be printed and signed by the customer.

Timing is critical, and the sooner your business addresses the importance of PCI DSS compliance, the more likely you are to save your company millions, if not billions, of dollars in lost revenue. Don’t wait, call Earthlink to learn more.

About TJ Kulpa

TJ Kulpa
TJ Kulpa joined Earthlink in November of 2013 as Director of ITS Services. He has been in the telecommunications industry for over 20 years with experience ranging from Technical Sales Support, Director of Network Operations, and most recently before his role at Earthlink, Director of Product Development and Management for Data and Security Services. He has led teams developing successful data and security products with advanced features to meet the demand of the ever changing landscape. TJ was recruited by Earthlink in Q4 2013 to manage the company’s Cloud and Security services initiative and to take the product set to the next level. With focus on the security product set, TJ continues to evolve the security solutions to address the ever-growing threats that face companies today by adding features and functionality to the core product set. With recent releases to the current Data Center Firewall product and PCI Compliant Solutions, it is his passion to assist customers in understanding how critical it is have a security solution in place that prevents a company’s critical data and transactions from ever being compromised 24x7x365.