In the current environment of social distancing and uncertainty, as a store or restaurant operator, you are focusing on protecting staff, customers and your business. However, it’s also critical to make sure you don’t let your guard down when it comes to protecting your network.
Even with more people working remotely and a growing reliance on third-party technicians, the right solution still lets them securely connect to POS, DVR, ATG and other inherently insecure devices in a PCI compliant manner. This means your operations and support personnel don’t have to go onsite to access local devices. Instead, they can securely and remotely connect to resolve issues and keep your store up and running.
PCI DSS requirements
When looking for a remote access solution, you want to make sure you are adhering to the PCI Security Standards Council requirements. Two of these, PCI DSS requirements 12.3.8 and 12.3.9, stipulate that remote access for vendors and business partners be provided only when needed and that sessions automatically disconnect after a period of inactivity.
PCI DSS 12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity
PCI DSS 12.3.9 Activation of remote-access technologies for vendors and business partners only when needed by vendors and business partners, with immediate deactivation after use
SOURCE: PCI Security Standards Council (PCI SSC)
A secure, PCI compliant solution for remote access
Acumera recently introduced its AcuLink Endpoint Connection Service, which allows endpoint devices to be fully isolated on local segments but still be accessible by operations and support personnel in a PCI DSS compliant way from any location. Instead of going onsite, they can securely and remotely connect — resulting in accelerated service, reduced technician visits and expenses, and faster issue resolution.
• Simple one-click activation of remote sessions
• Pre-defined, automatic disconnection of remote sessions
• Authenticated, logged and secured ephemeral connections
• Compliance with PCI DSS remote access requirements 12.3.8 and 12.3.9
• Remote access of POS to accelerate service and reduce technician travel and expense
• Compliant remote access to legacy devices like DVRs and ATGs
Through July 31, 2020, Acumera is offering the new AcuLink Endpoint app at no additional charge to current clients with C-Store Connections or a comparable package. Contact Acumera at 512.687.7410 or firstname.lastname@example.org for more details.