First of all, do your best not to handle any credit card numbers if you can help it. For example, if you use a shopping cart such as 1AutomationWiz and you never handle any credit cards in person, then your PCI compliance is much easier. In this example, if the number of cards you process is small enough that you can use a self assessment questionnaire, the number of questions you need to answer drops from 224 to just 15 questions—a huge simplification of the amount of work you need to do to become PCI-DSS compliant!

Before you invest a lot of time making your organization PCI–DSS compliant, first take time to simplify how you accept and process credit cards. You may find that changing some of your business practices, without causing more work for you or inconveniencing your customers, can make PCI compliance even easier.

For example, at one time, I sold books and CD learning kits in the back of the room while speaking. I’ve stopped doing that now to simplify meeting PCI-DSS regulations. If I ever decide to accept credit cards again at events, my compliance will be more complicated.

Have you changed your business processes to be more PCI compliant?

Please post your comments on this blog.

It is also important to have adequate ventilation and fans to circulate the air through the servers so that the temperature inside the computer chassis remains cool as well.

Additionally, it is useful to put monitors in the server room so that if the air conditioning fails at night or over a weekend, alerts will be automatically generated to notify appropriate personnel who can come in to fix the problem before the servers are damaged.

While you are at it, lock your server rooms to prevent intrusion, monitor for floods if that is an issue in your building, and use appropriate power filtering to prevent electrical surges and spikes from damaging your servers.

Please post your comments on this blog.

It is beneficial, every year or so, to have someone in your organization shop around for data service rates for your business.

Most of my clients report findings such as, “We now have twice the data rate for one half the price!”

If you have not shopped around lately, now is a great time to do so! Remember to call telephone companies, cable services, fiber providers, and even fixed wireless if it is available in your area.

If you have multiple locations, you may even find that an MPLS solution, where the telephone company handles much of the traffic routing between locations, is a good option for your organization.

After you save money at the office, have your users check their homes as well. I just upgraded our home to a new provider for half the price that is providing two thirds of a T3’s speed for downstream data—speeds I’d only dreamed of before. The Internet is a whole new experience at these speeds! Remember too that commercial service to your business will cost more than residential service to homes, as well as often provide much faster upstream connections than residential services.

Please post your findings on the blog.

While I was presenting in May, a CEO in the audience related information about a productivity expert promoting human multitasking and providing “Generation Y” with the distractions they want while at the office. You may have followed my blog postings the past two weeks about the disruption of interruptions and the idea of human multitasking.

There is indeed literature promoting what I would call the “distracted work environment” in an effort to attract the “best and brightest” young employees.

I guess I’m old-fashioned, and I’m taking the stand that the “best and brightest” employees will not want to be distracted while performing their duties on the job. From an IT security perspective, this access can be devastating to your business.

The CEO in the audience feels that in order for Gen Y employees to be happy, employers need to provide them access to social media all day long to use at the worker’s discretion. He cited examples of the work environments at Google and other Internet companies. I wonder how many other employers tell themselves it is “ok” to provide distractions to workers.

For Google, and even the marketing professionals at your own organization, it makes sense—even to me—for them to access social media at work since that is part of their job!

To me, promoting social media for non-work-related tasks makes as much sense as keeping a carton of cigarettes readily available and constantly restocked at the desk of someone who is trying to stop smoking.  Sounds more like temptation and torture than being supportive of someone achieving their goal.

I believe in workers feeling happy based on a “job well done” and my appreciation for their accurate and productive work. I believe there are members of Generation Y who take pride in their work and perform to the best of their abilities. I feel it is the employer’s responsibility to provide them with a productive work environment—free of distractions.

Isn’t it enough that the employees can have their own smart phone or other device right next to their desk and use that for their distractions? Need we, as employers, provide the same distraction using a larger screen on company owned equipment? No, you do not—at least not in the summer of 2010. The inappropriate access for non-work-related social media access results in too much lost productivity and too risky for IT security.

You may have seen the short comedy video a wonderful video production firm created for The Foster Institute, Inc. demonstrating the internet misuse that may be going on in your organization. The theme of the video is an office romance gone awry.

One of the more enjoyable parts of blogging is stirring up some controversy, so please post your comments on the blog.

When CNN ran the story, Study tracks effects of interruptions on doctors, I immediately thought about the effects of interruptions on the “doctors” who take care of your IT—your IT professionals!

If you have seen me speak, or experienced an IT Vital Systems Review audit, you have heard my soap box spiel about how IT professionals all need at least one 45 minute period of uninterrupted time each day to accomplish tasks. My preference is that they get even more than one of those periods.

When solving an IT related issue, planning the next upgrade, or focusing on some other IT related process, it is crucial for the IT professional to be balancing multiple ideas and multiple subjects around in their brain simultaneously. One unnecessary interruption can throw the IT professional back to “square one” again in a nanosecond.

The CNN article says doctors did not even return to almost 20% of the tasks they were doing when interrupted.

Interruptions are dangerous to medical professionals in hospitals, pilots in aircraft, and IT professionals in your organization.

Save them time, and yourself money, by allowing them to work quietly from time to time.  If you have them on staff, IT developers are the same way. Writing code is a thought intensive process.

I was interrupted twice while writing this article. How many times were you interrupted while reading it?

For that matter, some of the CEO’s and other key executives that read these blog postings can benefit from some uninterrupted time as well!  Please post your thoughts on this blog.

Some IT professionals tell me that their “boss” came down and said, “Give company such and such access into our network to access our data files so they can provide such and such service.” If the IT professional was brave enough to object to the “order,” they often got shot down.

If your IT professional knows anything about security, they get some pretty sweaty palms when opening up access to other companies. Their nights of restful sleep are probably over at that point too. And so should the executives be terrified!

Please do NOT open up your network for access by third party companies. I run into this at four or five companies a month and it has to stop!  Do you realize that:

• If the other company catches a virus, you probably will too?
• If an employee at the other company wants to steal your data, destroy your information, and even store illegal information at your office, they can?
• If you have a security problem, the other company may come after you for damages you cause on their network?

Indeed, it is feasible to outsource some of your services and functions into the “cloud.” More and more organizations are doing this.

The important part is to connect to the other entity in a responsible way! Allowing them unfettered access into your network is often a reckless choice.

Spouses and children tend to engage in online behavior that can lead to infections on your home computer. They visit many web sites, participate in instant messaging and social media, and may even share files with “friends.” Spouses and children may sometimes ignore important system messages and also sometimes “fall for” bogus system messages designed to allow a virus, worm, or Trojan to infect your computer.

Then, when you sit down to do your online banking, your account may be compromised.

Maybe now is a good time to treat yourself, or your family, to a separate computer. Here are 7 quick tips to perform on any new computer to help keep it safe: http://www.fosterinstitute.com/blog/7-quick-tips/

You can watch the short video on this story. Keep in mind that more and more social media tools are offering a service, sometimes turned on by default without your knowledge, to broadcast your GPS position.

Choose your friends online wisely. Watch two videos that demonstrate this principle:

• Facebook Identity Theft: Office Romance Goes Wrong When Facebook Profile is Hacked
• Car Wreck Car Crash and Social Internet Safety

For suggestions on how to be safe online using social media, visit www.learntobesafeonline.com

Without getting into the technical details, robust virtualization technology exists today that allows your operating systems and applications to be easily portable from one computer to the next, and even delivered to a machine quickly through the Internet.

This means that if a disaster strikes your main office—even a power failure that exceeds the capabilities of your standby power generator—your servers can basically migrate themselves to servers operating in one of your other offices or a safe data center of your choosing.  Keeping this in plain English: your users will still be able to get their work done as if nothing happened.

In the past, this kind of protection was very expensive, and now the prices are spiraling down. Some of the technologies you put in to save money on servers today, like server virtualization, come with this DRP advantage as a “side benefit” if you use it.  As you add technology to support remote users or simplify the IT management in your organization, like Terminal Services or Citrix Xen, also add the possibility for robust DRP.

As you upgrade your systems—be sure to get advice from a qualified professional about getting your Disaster Recovery Plan in order!

There is great advice on using multiple monitors, going paperless, having safe backups, and leveraging laptop computers.

CPA’s, CFO’s, and Controllers are involved in your business—and it just seems right to pass this resource along to you.

The entire article can be found at www.cpatrendlines.com and www.cpa2biz.com.