Category "Compliance"

These days e-commerce stores are popping up left and right, and in such a fast-growing area of business it is inevitable that rumors will start flowing in, confusing newcomers and experts alike. Simply put, all businesses that accept credit cards must be in compliance with the Payment Card Industry Data Security Standard (PCI DSS). There are no exceptions to this rule, so let’s dispel some common myths about PCI compliance.

“Someone else actually processes our credit cards, we just outsource to them.”

This is one of the most common myths, and it is easy to see why. It makes sense, doesn’t it? If some third party is actually processing your cards, then why should you worry about PCI compliance? The PCI says that it is your job to ensure transactions are safe from start to finish. Having another company process the cards doesn’t mean that your customers are safe end to end, starting from your website, where the transactions originate.

“My business is small – PCI compliance is for large corporations.”

While small businesses may not need to submit an actual report to the PCI Security Standards Council, you will still be held accountable if there is a security breach. Feigning ignorance will certainly not get you off the hook.

“PCI compliance is only for credit cards.  ATM and debit cards are exempt.”

A majority of transactions will be processed as credit, regardless of the type of card used.  Additionally, the same banks that issue credit cards also issue debit cards.  PCI DSS requires compliance regardless of the type of card used.

“Merchants can store whatever data they want.”

Many merchants assume that since the customer gave them this data, they are allowed to knowingly store it however they would like. This misconception can lead to serious legal problems. Storing certain types of data is in violation of PCI DSS and, as a result, may be in violation of state and even federal privacy laws. If your system is ever identified as the originating site of a data breach that resulted in the release of card users’ data, you will be subject to fines and restitution to recoup any losses from that breach.

WHOA.com’s cloud infrastructure features PCI DSS 3.2 and ISO 27001 certification and HIPAA compliance for cloud solutions. Contact us to learn more about PCI compliant cloud services.

The holiday season isn’t far off, and although consumers are looking forward to it, businesses are working hard to get ready. They’re stocking their inventories with what they hope are the right quantities of the right products. In addition, businesses will give their e-commerce websites a holiday theme and display the products that consumers will want to buy. If this describes your situation, you should also make sure your servers and application hosting are up to the task of handling the holiday rush.

Perhaps you have an elaborate e-commerce website that requires considerable bandwidth to load. Do your servers have the capacity to handle the peak holiday traffic? If not, your site will load too slowly for your impatient customers, who will move on rather than wait. In addition, the e-commerce applications that handle your transactions, as well as the ERP software that manages your inventory, does your bookkeeping, and helps your warehouse staff fulfill the onslaught of orders, will also take their bandwidth toll on your servers.

If holiday shopping constitutes a substantial part of your yearly profits, everything must work perfectly. You can’t afford to lose your online presence because of bandwidth problems. If you’re using application hosting, the holiday season isn’t the time to find out about your provider’s unreliable uptime or unresponsive customer service. The true test of a hosting provider’s customer service is how well it handles peak periods of customer usage such as the holiday season. Will they quickly respond to your inquiries? Or will they never get around to handling your difficulties because they’re swamped?

Of course, the customer service departments of the very best application hosting providers will have an easy time of it because their servers will handle the holiday bandwidth demand with ease, and few customers will call in. If this is the type of application hosting you want to use this holiday season, contact us at WHOA.com.

How Business Continuity Plans Fail

A flawed business continuity plan that has little chance of holding up in a true disaster is just so many words. Its only effect is to provide the business with a false sense of security. Many of the shortcomings of these plans stem from using false assumptions.

For example, many business continuity plans failed in the aftermath of hurricanes Katrina and Sandy because it was assumed that employees could work from home should a disaster occur, and that data stored in an alternate location would be accessible. However, widespread power outages and flooding prevented employees from accessing the Internet. In addition, many employees were dealing with more basic survival issues such as access to shelter and clean water. If there is one lesson to be learned from this, it is that business continuity plans require the input of business continuity experts.

Here are four common business continuity mistakes to avoid:

Working off of Business Continuity Templates Without Planning

Business continuity templates are freely available over the Internet. Filling one in too quickly, without thinking through how it applies to your unique situation, will generate a plan without any actual planning on your part. More likely than not, it will have fatal flaws.

False Assumptions

Should a disaster occur in your area, will basic utilities such as electricity and water be available? Will the transportation infrastructure be usable? The answers to these and other questions will depend on your particular locality. Different regions contend with different types of natural disasters. For example, an area in the heartland of the U.S. need not plan for the effects of hurricanes.

Be careful about assumptions regarding which of your key employees will be available during a disaster.

Incomplete List of Threats

Failing to identify all likely threats to your organization results in a partial plan. Your plan should include likely natural disasters, online and offline security threats, and damage caused by disgruntled employees.

Plan Not Readily Available

A business continuity plan that resides in the cloud isn’t available if there’s no Internet access. If it resides in the heads of a few key people, then it isn’t available if these people are on vacation or trapped in their homes with no means of communicating with the outside world. Your plan should be well-documented and available to those who will implement it should the need arise.

The above mistakes are by no means a complete listing. To ensure that your plan will perform well when it’s needed, consult with business continuity experts. For more information, contact us today.

Every business must have a business continuity plan that will secure the future of the business in the long term. Ensure there is continuity in delivering services and products by putting critical infrastructure in place. Inculcate confidence in the business by ensuring there is no negative perception among your employees and customers. Retain their confidence even when recovering from a disaster. Having an effective plan ensures the business maintains good performance despite the disasters it is facing. A good plan reduces disruption costs, and the company benefits from insurance premium discounts. This enables the business to eliminate excesses and opens doors to better insurance products. Having a solid business continuity plan enables you to get coverage for unacceptable risks.

As a business, aim to protect your service delivery and operations by ensuring they do not fail under any circumstance. The plan enables you to make quick decisions to safeguard the business. The business must have a better response to disruptions so as to minimize the impact on service delivery to customers.

Put in place support resources from other departments to boost areas experiencing disruptions. A solid continuity plan enables you to build strong customer confidence and gain their trust. You can increase your appeal to consumer regulated markets. Customers value reliable services. Therefore, ensure the business is competent even amidst disasters. The senior management team should give quick responses to protect the livelihood of employees by increasing confidence in the workforce.

The business must comply with set regulations and laws to reduce disruptions. These regulatory requirements include tax and money laundering laws. A good plan helps mitigate financial exposures and business risks. This minimizes financial losses and protects the business.

© 2018 WHOA.com All rights reserved.