First of all, do your best not to handle any credit card numbers if you can help it. For example, if you use a shopping cart such as 1AutomationWiz and you never handle any credit cards in person, then your PCI compliance is much easier. In this example, if the number of cards you process is small enough that you can use a self assessment questionnaire, the number of questions you need to answer drops from 224 to just 15 questions—a huge simplification of the amount of work you need to do to become PCI-DSS compliant!

Before you invest a lot of time making your organization PCI–DSS compliant, first take time to simplify how you accept and process credit cards. You may find that changing some of your business practices, without causing more work for you or inconveniencing your customers, can make PCI compliance even easier.

For example, at one time, I sold books and CD learning kits in the back of the room while speaking. I’ve stopped doing that now to simplify meeting PCI-DSS regulations. If I ever decide to accept credit cards again at events, my compliance will be more complicated.

Have you changed your business processes to be more PCI compliant?

Please post your comments on this blog.

It is also important to have adequate ventilation and fans to circulate the air through the servers so that the temperature inside the computer chassis remains cool as well.

Additionally, it is useful to put monitors in the server room so that if the air conditioning fails at night or over a weekend, alerts will be automatically generated to notify appropriate personnel who can come in to fix the problem before the servers are damaged.

While you are at it, lock your server rooms to prevent intrusion, monitor for floods if that is an issue in your building, and use appropriate power filtering to prevent electrical surges and spikes from damaging your servers.

Please post your comments on this blog.

It is beneficial, every year or so, to have someone in your organization shop around for data service rates for your business.

Most of my clients report findings such as, “We now have twice the data rate for one half the price!”

If you have not shopped around lately, now is a great time to do so! Remember to call telephone companies, cable services, fiber providers, and even fixed wireless if it is available in your area.

If you have multiple locations, you may even find that an MPLS solution, where the telephone company handles much of the traffic routing between locations, is a good option for your organization.

After you save money at the office, have your users check their homes as well. I just upgraded our home to a new provider for half the price that is providing two thirds of a T3’s speed for downstream data—speeds I’d only dreamed of before. The Internet is a whole new experience at these speeds! Remember too that commercial service to your business will cost more than residential service to homes, as well as often provide much faster upstream connections than residential services.

Please post your findings on the blog.

While I was presenting in May, a CEO in the audience related information about a productivity expert promoting human multitasking and providing “Generation Y” with the distractions they want while at the office. You may have followed my blog postings the past two weeks about the disruption of interruptions and the idea of human multitasking.

There is indeed literature promoting what I would call the “distracted work environment” in an effort to attract the “best and brightest” young employees.

I guess I’m old-fashioned, and I’m taking the stand that the “best and brightest” employees will not want to be distracted while performing their duties on the job. From an IT security perspective, this access can be devastating to your business.

The CEO in the audience feels that in order for Gen Y employees to be happy, employers need to provide them access to social media all day long to use at the worker’s discretion. He cited examples of the work environments at Google and other Internet companies. I wonder how many other employers tell themselves it is “ok” to provide distractions to workers.

For Google, and even the marketing professionals at your own organization, it makes sense—even to me—for them to access social media at work since that is part of their job!

To me, promoting social media for non-work-related tasks makes as much sense as keeping a carton of cigarettes readily available and constantly restocked at the desk of someone who is trying to stop smoking.  Sounds more like temptation and torture than being supportive of someone achieving their goal.

I believe in workers feeling happy based on a “job well done” and my appreciation for their accurate and productive work. I believe there are members of Generation Y who take pride in their work and perform to the best of their abilities. I feel it is the employer’s responsibility to provide them with a productive work environment—free of distractions.

Isn’t it enough that the employees can have their own smart phone or other device right next to their desk and use that for their distractions? Need we, as employers, provide the same distraction using a larger screen on company owned equipment? No, you do not—at least not in the summer of 2010. The inappropriate access for non-work-related social media access results in too much lost productivity and too risky for IT security.

You may have seen the short comedy video a wonderful video production firm created for The Foster Institute, Inc. demonstrating the internet misuse that may be going on in your organization. The theme of the video is an office romance gone awry.

One of the more enjoyable parts of blogging is stirring up some controversy, so please post your comments on the blog.

Between two back-to-back engagements in the East earlier this year, the best transportation option was to charter a private flight since other transportation options were more costly in both time and money. I booked the charter under the stipulation that the pilot allow me to sit in the copilot seat rather than “in the back” as long as I promised not to”push any buttons.” The charter service agreed, and it was 2 hours of the beautiful scenery and enlightening conversation!

The weather was beautiful and I was able to increase my knowledge of flying, navigating, aviation radio communications, and the procedures pilots use every day. My experienced and highly capable pilot spoke of how he flew Apache helicopters in the service and we discussed human multitasking—which is important when piloting an Apache. I learned later that a pilot in the book Apache by Ed Macy reports his cockpit video even showed the pilot’s two eyeballs looking in two different directions regularly during times that required multitasking!  I am unsure if the Generation Y employees have the same level of intensive training as Apache helicopter pilots.

Even my pilot, whom I hold in the highest esteem and feel enormous respect for his rotor and fixed wing piloting abilities, transmitted incorrect information through an air traffic control hand-off during our flight. I noticed it as he was transmitting, and the air traffic controller did too because they immediately asked for clarification. The point is, no matter how good we are, we are all humans. Adding multitasking requirements increases the chances for errors.

We live in a day of social media, text messages, e-mail, and constant information being “fed” to us at sometimes an alarming rate. I would find it difficult to use the Internet and e-mail at all without good spam and web content filters to eliminate the data I’m for sure not interested in anyway.

Scientific studies in controlled environment show humans who multitask suffer a precipitous drop in productivity with an associated increase in errors.  Why would we do this to our employees, especially if they are paid by the hour?

Scientists discovered that, rather than multitasking, the brain must perform rapid task-switching. On top of that, the brain must now also monitor to see which task needs attention in the next moment.  This leads to each important task only receiving the partial attention of the human.

On top of that, do you enjoy talking to someone who is not making eye contact and they type furiously while you speak? Most employers want their workers to provide full attention to work-related tasks while on the clock.

Can you or anyone you know effectively do more than one thing at the same time? Please post your comments on the blog.

When CNN ran the story, Study tracks effects of interruptions on doctors, I immediately thought about the effects of interruptions on the “doctors” who take care of your IT—your IT professionals!

If you have seen me speak, or experienced an IT Vital Systems Review audit, you have heard my soap box spiel about how IT professionals all need at least one 45 minute period of uninterrupted time each day to accomplish tasks. My preference is that they get even more than one of those periods.

When solving an IT related issue, planning the next upgrade, or focusing on some other IT related process, it is crucial for the IT professional to be balancing multiple ideas and multiple subjects around in their brain simultaneously. One unnecessary interruption can throw the IT professional back to “square one” again in a nanosecond.

The CNN article says doctors did not even return to almost 20% of the tasks they were doing when interrupted.

Interruptions are dangerous to medical professionals in hospitals, pilots in aircraft, and IT professionals in your organization.

Save them time, and yourself money, by allowing them to work quietly from time to time.  If you have them on staff, IT developers are the same way. Writing code is a thought intensive process.

I was interrupted twice while writing this article. How many times were you interrupted while reading it?

For that matter, some of the CEO’s and other key executives that read these blog postings can benefit from some uninterrupted time as well!  Please post your thoughts on this blog.

If you suffer a data breach or lose a laptop, you may be required to send out letters notifying everyone who has ever done business with you of the possible loss of data.

One of my clients explained that the costs can soar to $5 per person to locate and notify people you’ve done business with. That’s $5,000 for every 1000 people you’ve served!

Additionally, there may be fines levied against you. For example,  in April 2010 the Financial Regulatory Authority fined the brokerage firm D.A. Davidson & Co. in Montana $375,000 after a hacker broke into their servers.

More and more, my clients and audience members are asking about IT security insurance to augment your protection. There is even IT data security insurance. If your insurance provider does not offer this service, or if you want to shop around, I know of an agency that does offer IT security insurance and can write coverage anywhere in the USA: Andy Burkart, CPCU, of Burkart-Heisdorf Insurance Agency. The phone number is 800-989-6174.

I am NOT an insurance professional, so I encourage you to post any information and comments on this blog.

Some IT professionals tell me that their “boss” came down and said, “Give company such and such access into our network to access our data files so they can provide such and such service.” If the IT professional was brave enough to object to the “order,” they often got shot down.

If your IT professional knows anything about security, they get some pretty sweaty palms when opening up access to other companies. Their nights of restful sleep are probably over at that point too. And so should the executives be terrified!

Please do NOT open up your network for access by third party companies. I run into this at four or five companies a month and it has to stop!  Do you realize that:

• If the other company catches a virus, you probably will too?
• If an employee at the other company wants to steal your data, destroy your information, and even store illegal information at your office, they can?
• If you have a security problem, the other company may come after you for damages you cause on their network?

Indeed, it is feasible to outsource some of your services and functions into the “cloud.” More and more organizations are doing this.

The important part is to connect to the other entity in a responsible way! Allowing them unfettered access into your network is often a reckless choice.

I recently had a shocking conversation with an IT professional working as the sole IT professional at a company in the US. I encouraged him to apply patches to his network and his response was, “I do not need to patch the operating system or applications—I have anti-virus and that protects the network from all security risks.”

At first, I thought he was joking with me. He wasn’t! I asked, “What if a user writes the password on a sticky note and the cleaning crew logs in as them to access secure files—does anti-virus prevent that?” The IT pro said yes he was protected.  Several of his “IT advisors” told him anti-virus was all he needed.

I attempted to get through to him for almost 10 minutes with other examples, sent him links to articles on news sites showing reality, and he kept going back to “his trusted advisors told him not to worry about it.” I asked who the “trusted advisors” were and he didn’t want to divulge their identities but assured me “they are really smart.” I even offered to have a conference call with the IT professional and his advisors, but he felt that wasn’t necessary.

This poor IT professional totally believes his reality. He probably will until something bad happens—and at what expense?

I experience this to varying degrees fairly often with “IT professionals,” and frankly I find it unsettling because executives trust their IT professionals with the safety of their business. Executives need to trust their IT professionals.

Executives please make sure your IT department’s advisors are trustworthy as well!

Spouses and children tend to engage in online behavior that can lead to infections on your home computer. They visit many web sites, participate in instant messaging and social media, and may even share files with “friends.” Spouses and children may sometimes ignore important system messages and also sometimes “fall for” bogus system messages designed to allow a virus, worm, or Trojan to infect your computer.

Then, when you sit down to do your online banking, your account may be compromised.

Maybe now is a good time to treat yourself, or your family, to a separate computer. Here are 7 quick tips to perform on any new computer to help keep it safe: http://www.fosterinstitute.com/blog/7-quick-tips/