SMB Data Breach Fallout
For any organization a data breach is a disruptive experience. Besides the distraction from daily operations, and unwanted publicity, a data breach brings a huge financial burden as well. Most large businesses have the resources to weather the storm, but many small and mid size businesses aren't as fortunate. Most SMBs don't have the capital or technical talent on staff to properly respond to a data security breach. Given that 71% of data breaches target small businesses, I thought it would be beneficial to discuss the fallout of a security breach and the impact it could have to a small business.
Microsoft My Bulletins & PCI Compliance
Microsoft just released a new tool for their Security TechCenter. Its a pretty straight-forward service called My Bulletins [^1]. Basically it provides a customized dashboard to present Microsoft security bulletins. The nice thing is that you can customize the dashboard to only receive notices for those Microsoft products you use and care about.
PCI Policy Documentation
Without fail, the first time an organization goes through the PCI gap assessment, remediation, and assessment cycle, they always underestimate the amount of specificity required by the PCI DSS. Smaller companies will spend a significant amount of time drafting and adopting new policies within their organization, while larger companies will spend their time trying to find which existing policies satisfy which requirements, making adjustments as necessary.